Of course, DHE can provide forward secrecy. The only catch is that you have to custom-generate strong parameters and rotate them regularly.
@ivanristic If 2048-bit is easy to break, then it's likely that RSA is too. At that point it's best to have alg diversity. RSA + ECDHE
-
-
@colmmacc Breaking DHE is scarier because it can be attacked passively. You only break RSA if you want to do MITM. -
@ivanristic I wish that were true. Still a lot of non-PFS traffic :( - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.