Re: best way to secure communication?
On Thu, May 18, 2006 at 08:12:29PM +0100, James Westby wrote:
> My point was that if you are worried about people putting the effort
> in to cracking *your* SSL based chats, then I would be wondering
> what you were actually talking about.
Oh, I don't think that anybody will try.
> And if I was that concerned about it then I would not be asking for
> advice like this on d-u (apologies to all subscibers). I would be
> doing research in to how to actually acheive some proper security,
> rather than using some attempts to add encryption to existing
> protocels over public switched networks (no offence to those who
> have added encryption capabilities to these protocols, capabilities
> I use all the time and value a lot).
Do you think it's insecure to use existing protocols with added
> If you are just the paranoid type then SSL using something like
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
> (man 1 ciphers) should put off the casual attacker.
I'm trying not to become paranoid. I only want to make it sufficiently
difficult for ppl eventually trying to spy. The more difficult, the
better. The hard thing is to find out what can be considered as
> I'm not sure what you mean by the other end of the communication? Are
> you planning to be talking to people who don't use encryption? In that
> case there is not a lot of point in worrying about how strong your
> encryption is.
No, but I don't have much influence on the other end, other than
deploying some solution for encryption, provided that the solution is
sufficiently easy to install and to use. No more than that, so if
someone would try to attack, he'd probably attack the other end since
it appears to be the weakest part.
If I were paranoid, I won't even try this because it is 'sufficiently
futile' ;) Within its limitations, it's still better than nothing. But
it would be a very bad thing not to know of the limitations and to
think that is actually secure.
The plugin for Gaim seems to be nice, we're going to try it out. Maybe
the other options will also become interesting.
Do you think it's sufficiently secure that way? Like 'the plugin works
as advertised' or 'the plugin is crap because it's easyly decrypted or
exploited'? With whatever be used, it's hard to tell.