Incidentally: 'TLS has many bigger problems' is not a good response to 'TLS crypto has lots of problems'.
-
-
Replying to @matthew_d_green
@matthew_d_green For reference, could you briefly enumerate TLS crypto problems? I am curious what you mean by that exactly.1 reply 0 retweets 0 likes -
Replying to @ivanristic
@ivanristic BEAST, Lucky13, RC4. PKCS#1v1.5. Crummy key exchange design. Client renegotiation nonsense.2 replies 2 retweets 2 likes -
Replying to @matthew_d_green
@matthew_d_green@ivanristic what about BREACH? I my understanding is that it’s basically a consequence of flawed design (MtE vs EtM).2 replies 0 retweets 0 likes -
Replying to @hynek
@hynek@matthew_d_green TLS also leaks data packet timing and length information. But it was never designed to hide it.1 reply 0 retweets 0 likes -
Replying to @ivanristic
@ivanristic@hynek Yes, but some implementations add random padding in an attempt to do so. Crummy idea though.1 reply 0 retweets 0 likes -
Replying to @matthew_d_green
@matthew_d_green@hynek Someone had the idea to disable HTTP compression when the referrer isn’t correct. Kills the BREACH exploit.1 reply 0 retweets 2 likes -
Replying to @ivanristic
@ivanristic@matthew_d_green@hynek A lot of content filters/proxies/AVs are hiding or faking the referrer. But that's a pretty smart idea.1 reply 0 retweets 0 likes -
Replying to @jedisct1
@jedisct1@matthew_d_green@hynek Yes, there’s a performance penalty (no compression), but only for those whose referrers are not correct.1 reply 0 retweets 0 likes
@ivanristic Totally worth it. Love the idea.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.