* Lee <[email protected]> [2013-10-07 21:49:29 -0400]: > On 10/7/13, Yawning Angel <[email protected]> wrote: > > * Lee <[email protected]> [2013-10-07 15:58:19 -0400]: > >> Isn't it time to quit using DES? > >> > >> Finally gave TBB a try (version 2.3.25-13), seems to me that the > >> firefox component needs a lot of hardening. > > > > DES != 3DES, and supporting 3DES suites is standard across major browsers. > > Right. But is it still safe to use?
Why wouldn't it be? As far as I can tell you have yet to come up with any convincing reason as to why it's broken beyond "the NSA had a hand in it's design[0]" and "the name has DES in it". Note that Stephan Lucks' attack requires too many known plaintexts to be relevant in this context and is still (probably) computationally infeasable. > So... if you're visiting a web site that does only 3DES encryption, > is that good enuf or do you say no thanks & go elsewhere? *shrugs* If I noticed, it would be amusing since the webserver is buring a lot of CPU by using 3DES, and I would question the system adminstrator's sanity/competence, but on it's own, it's not a sufficient reason for me to ignore the site. This is getting offtopic so I will stop now. -- Yawning Angel [0]: If that's sufficient reason to drop something, the only cipher suite on the list that you would have left is TLS_RSA_WITH_RC4_128_MD5. -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
