Re: best way to secure communication?
On (18/05/06 20:30), lee wrote:
> On Wed, May 17, 2006 at 11:53:31PM +0100, James Westby wrote:
> > On (18/05/06 00:30), lee wrote:
> > > Hi,
> > [snip]
> > > And then, ssl is only so much secure
> > [snip]
> >
> > I think if you are worried about the security afforded by ssl you might
> > have to rethink your approach.
>
> Well, I don't know how secure ssl actually is. Afair I've been reading
> that they came up with hardware devices that can do ssl decoding in
> realtime.
>
My point was that if you are worried about people putting the effort in
to cracking *your* SSL based chats, then I would be wondering what you
were actually talking about. And if I was that concerned about it then I
would not be asking for advice like this on d-u (apologies to all
subscibers). I would be doing research in to how to actually acheive
some proper security, rather than using some attempts to add encryption
to existing protocels over public switched networks (no offence to those
who have added encryption capabilities to these protocols, capabilities
I use all the time and value a lot).
If you are just the paranoid type then SSL using something like
TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
(man 1 ciphers) should put off the casual attacker.
> If I'm going to secure it, I want to do it right as far as
> possible. The other side of the communication is of course the biggest
> problem, but I don't have influence on that. So you might argue that's
> it's a very questionable or futile attempt in the first place ...
>
I'm not sure what you mean by the other end of the communication? Are
you planning to be talking to people who don't use encryption? In that
case there is not a lot of point in worrying about how strong your
encryption is.
James
--
James Westby
jw+debian@jameswestby.net
http://jameswestby.net/
Reply to: