[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox

On Fri, Sep 13, 2013 at 8:18 PM,  <cgw993 at aol.com> wrote:

> Again, not an expert in this subject at all, but since we are talking about
> security I wanted to bring up WEP.   My limited understanding of WEP is that
> it was an insecure encryption method used a decade or more ago and is still
> offered on many routers.

WEP is on a list of broken things we should obviously make sure the Box
never does. One reference is:
That is outdated; newer and even better attacks on WEP have been
published since it was written,

Other known-broken things we should not do include single DES and
several of the cell phone encryption methods like A5/! and A5/2.

Another is RSA with short keys. I think the current recommended minimum
for RSA is 2048 bits, but I may be out of date. Certainly < 1024 is unsafe,
and some systems still use 512.

A similar issue shows up for the Diffie-Hellman groups used in key
negotiation for IPsec and I think TLS.
Fifteen years ago, the FreeS/WAN team refused to implement the
768-bit Group 1, even though it was in the IPsec standard. Most
installations used the 1536-bit Group 5. I'm not sure what would
be appropriate today.

For both RSA and DH, there are related elliptic curve algorithms
which may be better (faster for a given security level). Evaluating
those gets complicated though. For one thing, the math involved
is remarkably heavy. Also, some of the algorithms are patented
and the patent holder is aggressive about enforcement. Finally,
there have been claims that the curves used in some of the
standards give the NSA a back door. As far as I can tell, the
last two concerns can be worked around; there are unpatented
algorithms and curves the NSA had no hand in devising, but
it is not going to be easy.

Arguably, using IPsec or TLS without forward secrecy is another thing
we should never do.

The replacement for WEP is WPA.

There are also some known problems with it. I think they are
only for certain modes and WPA can be secure if used very
carefully, but I have not looked at it in any detail so I could
easily be wrong.

Reply to: