Of course, DHE can provide forward secrecy. The only catch is that you have to custom-generate strong parameters and rotate them regularly.
@ivanristic Security is trade-offs, so all trade-off arguments sound like that and are judgement calls :/ In this case risk/reward seems low
@colmmacc So as a layman, how do I know that tomorrow we won’t hear that 2048-bit DH parameters are easy to break :)
@ivanristic If 2048-bit is easy to break, then it's likely that RSA is too. At that point it's best to have alg diversity. RSA + ECDHE
@colmmacc Right, but we’ve just been effectively told: “you know all that story about PFS and DHE; that was all a lie”.
@colmmacc No need to answer, it’s all hypothetical anyway. If you need that level of security, you shouldn’t be using TLS :)