Hello,

On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote:
>
> > Perhaps if you're dead-set on this being so dangerous,
>
> It's not the developers who are dead-set on weak-keyed RSA being
> insecure, it's the cryptanalysts who have shown that to be the case :)

To further supplement this point, here is the paper that explains how RSA-768 was factorized. In 2010, the authors estimated that it would take around 1500 years for a single-core machine of this generation to do the same thing. We're 7 years after their first results, and we now have access to massive cloud-based behemoths for a discount. How much time would it resist?

The idea of removing weak ciphers from a widely used piece of software is a good one - that way, you strengthen the whole ecosystem. Going the reverse path would simply make less informed people be the weak link of the Internet, putting possibly many more at risk.

Best regards,

-- Emmanuel Deloget

On Sun, Dec 31, 2017 at 7:24 PM, Emmanuel Deloget <logout at free.fr> wrote:

> Hello,
>
> On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>
>> On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote:
>>
>> > Perhaps if you're dead-set on this being so dangerous,
>>
>> It's not the developers who are dead-set on weak-keyed RSA being
>> insecure, it's the cryptanalysts who have shown that to be the case :)
>
> To further supplement this point, here is the paper that explains how
> RSA-768 was factorized. In 2010, the authors estimated that it would take
> around 1500 years for a single-core machine of this generation to do the
> same thing. We're 7 years after their first results, and we now have access
> to massive cloud-based behemoths for a discount. How much time would it
> resist?

Of course, it's always better with the link itself: https://eprint.iacr.org/2010/006.pdf

> The idea of removing weak ciphers from a widely used piece of software is
> a good one - that way, you strengthen the whole ecosystem. Going the
> reverse path would simply make less informed people be the weak link of the
> Internet, putting possibly many more at risk.
>
> Best regards,
>
> -- Emmanuel Deloget

On 01/01/18 04:58, Emmanuel Deloget wrote:

> The idea of removing weak ciphers from a widely used piece of software is
> a good one - that way, you strengthen the whole ecosystem. Going the
> reverse path would simply make less informed people be the weak link of the
> Internet, putting possibly many more at risk.

This doesn't make the Internet more secure because people aren't about to throw away expensive equipment just because the latest openssh throws a hissy fit. They'll use an alternative. Perhaps the alternative will be an older, less secure version of openssh. Perhaps it will be even less secure telnet. They will continue to use their still-good equipment, and so they should.

If people choose to use old versions of openssh, which is likely, they may also choose to make that the only version they use. It makes a lot of sense: it saves having to think about two different versions of the same software, one which works properly and one which seems broken. Force people to make this choice and you weaken the whole ecosystem.

Is there a way to stop people using weak ciphers without weakening the ecosystem? There is a way which is close: make openssh not use weak ciphers unless the user says "I really, really need to use this weak cipher." That's all this is about. That doesn't weaken the ecosystem; it makes it stronger.

Removing a weak cipher weakens the ecosystem by pushing people into using old tools that have real bugs. It's also arrogant. It sounds too much like, "you're too ignorant/lazy/cheap to decide what's right for you so we'll make you do what we want, and we don't care how expensive and disruptive it is for you."

Removing a weak cipher breaks things that it didn't need to break. That's outrageous. It does not hurt to make the weaker cipher an option. It's not hard, no harder than the effort to remove it.
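
An added example, not part of the thread and not OpenSSH code: a small audit of `ssh-rsa` public-key lines that reports moduli shorter than a chosen minimum, which is how an administrator could locate the weak-keyed RSA discussed above before an upgrade starts refusing it. The 2048-bit default, the function names and the sample lines are assumptions constructed for illustration.

```python
import base64


def read_string(blob, off):
    """Read one SSH wire 'string' (uint32 length, then bytes); return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end


def rsa_modulus_bits(line):
    """Modulus size in bits for an 'ssh-rsa <base64> [comment]' line, None for other types."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return None
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the line prefix")
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()


def audit(lines, min_bits=2048):  # 2048 is an assumed policy value, not from the thread
    """Return (comment, bits) for every RSA key whose modulus is shorter than min_bits."""
    weak = []
    for line in lines:
        bits = rsa_modulus_bits(line.strip())
        if bits is not None and bits < min_bits:
            parts = line.split(None, 2)
            weak.append((parts[2].strip() if len(parts) > 2 else "", bits))
    return weak


def make_line(bits, comment):
    """Build a CONSTRUCTED ssh-rsa line with a placeholder modulus (not a usable key)."""
    def mpint(value):
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return len(raw).to_bytes(4, "big") + raw
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


SAMPLE = [make_line(768, "legacy-router"), make_line(4096, "admin-laptop"), "# comment"]
```

Lines that begin with `authorized_keys` options rather than the key type are skipped by this parser, so strip the options first when auditing such files.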