[stunnel-users] key+cert+dh risks
Jean-Yves F. Barbier
12ukwn at gmail.com
Tue Feb 15 23:05:22 CET 2011
On Tue, 15 Feb 2011 22:29:53 +0100, Christophe Nanteuil
<christophe.nanteuil at gmail.com> wrote:
...
> > For my own security, keys are rotated on a monthly basis.
> >
>
> Yes and, of course, you are sure that your random generator is better than
> the debian one before may 2008...
This one's only used by other gpms, for openssl I use lava for years.
...
> Do you REALLY think that a brute force attack is what someone would use to
> gain access to YOUR data ?
Depends on the (real) power you can bring up on the table; and brute force is
far from being the only possible attack; AND you can't have any idea of what
will happen is the near future (new algorythms, new CPU with calculation
power multiplied by 1e8, for example) - in this case, attacker just have to
record streams and replay them when maths/tech is ready.
It also depends on footprints you leave behind you (web, MLs, foruls, blogs,
trash can, etc), as very first step of a serious attack is intelligence.
...
> ever heard of 'forward secrecy' ? (
> http://en.wikipedia.org/wiki/Perfect_forward_secrecy)
I didn't knew (or remember) it wear this name, but the principle is so
obvious...
--
When I kill, the only thing I feel is recoil.
More information about the stunnel-users
mailing list