blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: 1b62d0e8d9263113a3159a4384e9346737007e02
parent 1dfd7812d560ee893300f3584487323e23d1193b
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  7 Mar 2019 06:59:43 +0100

articles/Pretty Bad Privacy: fix EFF DES cracker, mention Sweet32

Diffstat:

M articles/Pretty Bad Privacy.xhtml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml @@ -78,7 +78,7 @@ ID Algorithm Text Name Implementations MUST implement SHA-1. Implementations MAY implement other algorithms. MD5 is deprecated.</pre></blockquote> <cite><a href="https://tools.ietf.org/html/rfc4880">RFC4880</a>, November 2007</cite> -<p>Some additionnal ciphers got added later on, but this basically mean that you cannot be sure that a OpenPGP message you sent wasn’t done in more-or-less plaintext. 3DES was broken by the EFF in 199x, SHA1 was probably still known as okay but could be better (as SHA2 was already a thing), DSA was probably not now enough as good to be hardcoded, no idea for Elgamal.</p><!-- FIXME --> +<p>Some additionnal ciphers got added later on, but this basically mean that you cannot be sure that a OpenPGP message you sent wasn’t done in more-or-less plaintext. DES was broken by the EFF in 199x, 3DES is basically now on about the same size (NIST: 80 bits of security) but computing power got much better, SHA1 was probably still known as okay but could be better (as SHA2 was already a thing), DSA was probably not now enough as good to be hardcoded, no idea for Elgamal.</p><!-- FIXME --> <blockquote><pre> 13.4. Plaintext 
@@ -141,6 +141,7 @@ Compression: Uncompressed, ZIP, ZLIB, BZIP2 <li><a href="http://www.netpgp.com/">NetPGP</a>, an implementation of OpenPGP by NetBSD, seems quite unmaintained to me</li> <li><a href="https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/">What’s the matter with PGP? - A Few Thoughts on Cryptographic Engineering</a></li> <li><a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">[tor-talk] Why the Web of Trust Sucks</a></li> + <li><a href="https://sweet32.info">Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN</a>, which Triple-DES and Blowfish are vulnerable to</li> </ul> <p><a href="https://queer.hacktivis.me/notice/9gVn61L9VGPosmXRQG">Fediverse post for comments</a></p> </article>
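Review bot: In the first hunk (@@ -78,7 +78,7 @@), the added sentence's "3DES is basically now on about the same size (NIST: 80 bits of security)" reads as if 3DES were the same size as DES, and it does not say which 3DES keying option the 80-bit figure refers to. NIST gives 80 bits for two-key 3DES and 112 bits for three-key 3DES, and RFC 4880 specifies TripleDES with a 168-bit key, so the three-key figure is the one that applies to OpenPGP. Suggest stating DES's 56-bit key explicitly and then the 3DES estimate with its keying option. The "199x" placeholder is also carried over while the `<!-- FIXME -->` stays. The EFF DES cracker dates from 1998, so the year can be filled in and the FIXME narrowed to the remaining open points (DSA, Elgamal). The spelling and grammar slips on the line ("additionnal", "this basically mean", "a OpenPGP", "not now enough as good") are unchanged by the patch and could be fixed in the same edit.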
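Review bot: In the second hunk (@@ -141,6 +141,7 @@), the new list item "which Triple-DES and Blowfish are vulnerable to" does not say why this reference belongs in an article about OpenPGP, since the linked title only names TLS and OpenVPN. The commit message says "mention Sweet32", but the body paragraph touched in the first hunk never mentions it, so a reader meets the name only in the link list. Suggest adding a short clause to the item (or to the 3DES sentence above) saying that the attack depends on the 64-bit block size and grows practical as more data is encrypted under one key, which is what ties it to the 3DES default discussed in the article.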