[stunnel-users] key+cert+dh risks

Jean-Yves F. Barbier 12ukwn at gmail.com
Tue Feb 15 23:05:22 CET 2011


On Tue, 15 Feb 2011 22:29:53 +0100, Christophe Nanteuil
<christophe.nanteuil at gmail.com> wrote:


...
> > For my own security, keys are rotated on a monthly basis.
> >
> 
> Yes and, of course, you are sure that your random generator is better than
> the debian one before may 2008...

This one's only used by other gpms, for openssl I use lava for years. 
 
...
> Do you REALLY think that a brute force attack is what someone would use to
> gain access to YOUR data ?
 
Depends on the (real) power you can bring up on the table; and brute force is
far from being the only possible attack; AND you can't have any idea of what
will happen is the near future (new algorythms, new CPU with calculation
power multiplied by 1e8, for example) - in this case, attacker just have to
record streams and replay them when maths/tech is ready.

It also depends on footprints you leave behind you (web, MLs, foruls, blogs,
trash can, etc), as very first step of a serious attack is intelligence.

...
> ever heard of  'forward secrecy' ? (
> http://en.wikipedia.org/wiki/Perfect_forward_secrecy)

I didn't knew (or remember) it wear this name, but the principle is so
obvious...

-- 
When I kill, the only thing I feel is recoil.



More information about the stunnel-users mailing list