
Re: best way to secure communication?



On Thu, May 18, 2006 at 08:12:29PM +0100, James Westby wrote:

> My point was that if you are worried about people putting the effort
> in to cracking *your* SSL based chats, then I would be wondering
> what you were actually talking about.

Oh, I don't think that anybody will try.

> And if I was that concerned about it then I would not be asking for
> advice like this on d-u (apologies to all subscribers). I would be
> doing research into how to actually achieve some proper security,
> rather than using some attempts to add encryption to existing
> protocols over public switched networks (no offence to those who
> have added encryption capabilities to these protocols, capabilities
> I use all the time and value a lot).

Do you think it's insecure to use existing protocols with added
encryption?

> If you are just the paranoid type then SSL using something like
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA 
> (man 1 ciphers) should put off the casual attacker. 

I'm trying not to become paranoid. I only want to make it sufficiently
difficult for ppl eventually trying to spy. The more difficult, the
better. The hard thing is to find out what can be considered as
'sufficiently difficult'.

> I'm not sure what you mean by the other end of the communication? Are
> you planning to be talking to people who don't use encryption? In that
> case there is not a lot of point in worrying about how strong your
> encryption is.

No, but I don't have much influence on the other end, other than
deploying some solution for encryption, provided that the solution is
sufficiently easy to install and to use. No more than that, so if
someone would try to attack, he'd probably attack the other end since
it appears to be the weakest part.

If I were paranoid, I wouldn't even try this because it is 'sufficiently
futile' ;) Within its limitations, it's still better than nothing. But
it would be a very bad thing not to know of the limitations and to
think that it is actually secure.


The plugin for Gaim seems to be nice, we're going to try it out. Maybe
the other options will also become interesting.

Do you think it's sufficiently secure that way? Like 'the plugin works
as advertised' or 'the plugin is crap because it's easily decrypted or
exploited'? Whatever is used, it's hard to tell.


GH


