LIVE FROM COLUMBIA, IT'S #REALWORLDCRYPTO
What drives support being relatively high in the beginning, such as in the Alexa top 1 million? Possibly being operated by professionals, or because the site is being served/TLS terminated by another service who does stay on top of TLS versions.
#realworldcrypto
Cheers to Cloudflare for their aggressive adoption of multiple draft versions of TLS 1.3!
#realworldcrypto pic.twitter.com/Ddn015M9A8
Facebook started support at draft 23
#realworldcrypto
Don't have data for Google but they also joined late, but once they joined a lot of servers supported it all together (makes sense considering Google front end / terminator deployment strategies).
#realworldcrypto
Digital Ocean support spiked when the RFC was accepted, possibly due to Linux defaulting to the new version of TLS and well-patched droplets picking it up automatically.
#realworldcrypto
"Clients would be using the new ClientOffered extension to advertise really ancient versions of TLS"
#realworldcrypto
Some of these are private versions for companies like Google and Facebook that controlled their own clients and servers until the final draft was adopted.
#realworldcrypto
(Selected set, this list is actually like a hundred ciphersuites long)
#realworldcrypto
Some features aren't scannable because they are encrypted, by design.
#realworldcrypto
60% of connections over TLS 1.3 go to Facebook!
#realworldcrypto pic.twitter.com/6EyvQwXTvJ
ANDROID SUPPORT
Came with the release of Android Q, not including apps that shipped with their own TLS stack and negotiated their own connections earlier.
#realworldcrypto pic.twitter.com/uiGlOzhBX0
So much faster adoption than previous versions due to investment by several large companies
#realworldcrypto
Q: Adoption in things like DTLS? A: Only a tiny amount
#realworldcrypto
NEXT UP: The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
#realworldcrypto
"How is this still a thing?" Same man, same
#realworldcrypto
Why do we care if we can break 6% of TLS connections? Because it's not actually those 6% that are vulnerable, downgrade attacks affect more than that.
#realworldcrypto
But this is still vulnerable to Bleichenbacher's adaptive chosen-ciphertext attack
#realworldcrypto pic.twitter.com/rln68VDD9L
Use this to decrypt the premaster secret and sniff session cookies
#realworldcrypto
Only 6% of connections use RSA key exchange, so instead, force a downgrade on servers that _support_ RSA kex but aren't overtly advertising it, using a MITM
#realworldcrypto
Need to keep the session alive during the padding attack, which the user might notice. Instead, use JS in the background to repeatedly reopen connections in the background, instead of reloading the full webpage which the user may notice.
#realworldcrypto
> cache timing side channel "were caches a mistake???"
#realworldcrypto
Most browsers time out connections after 30 seconds, so we need to parallelize
#realworldcrypto
crypto as in 'cryptography'
