On 10/13/14, ianG <i...@iang.org> wrote: > ... > No, and I argue that nobody should care about MITM nor downgrade attacks > nor any other theoretical laboratory thing. I also argue that people > shouldn't worry about shark attacks, lightning or wearing body armour > when shopping. > ... > What distinguishes what we should care about and what we shouldn't is > data. And analysis of that data.
indeed. thanks for showing me the light, ian! Q: 'Should I disable Dual_EC_DRBG?' A: "The data shows zero risk of an attacker compromising the known vulnerability of a specially seed random number generator. Do not change; keep using Dual_EC_DRBG!" Q: 'Should I switch away from 1024 bit strength RSA keys?' A: "The data shows zero risk of an attacker compromising the known vulnerability of a insufficiently large RSA key as the cost is prohibitive and no publicly demonstrated device exists. Do not change to larger keys; keep using 1024 bit RSA!" Q: 'Should I worry about the auto-update behavior of my devices or computers?' A: "The data shows minimal risk of an attacker compromising your systems via this method. Don't bother changing your vulnerable auto update any where any time any how; you're probably safe!" it's all so easy now... :) _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography