Jean-Marc Desperrier wrote:
I'm surprised nobody has said until now that there's already such a
warning dialog for 40 bit crypto (at least in the suite, maybe FF
removed it).
I don't believe 512 RSA keys trigger it, though.
512 bit keys are a lot stronger than 40 bit, they are
more like about 60 bit. So if you are going to hit
512 bits you are probably going to want to hit 64 bit
ciphers as well, which would address all of the older
suites I suspect.
This highlights a difficult
area: it's quite difficult to decide what and where
the weaknesses of small keys becomes a problem, and
any "binary" warning is unlikely to be correct or
useful in real life. If one wanted to achieve a
useful distinction, then I suggest warning when an
SSL v2 protocol site is struck, as at least then
a real issue is being addressed.
Only about 0.33% of sites are limited to the old
40 bit crypto, but a greater number use 64 bit
ciphers.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
