Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAH1ochwmt7Km6JzZUttXP_cq5iMt_y4EBUJbBP78Awg+fE7B0Q@mail.gmail.com>
Date: Mon, 4 Nov 2013 11:47:12 -0700
From: Mike <mikedawg@...il.com>
To: oss-security@...ts.openwall.com
Cc: hanno@...eck.de
Subject: Re: openssl default ciphers

RC4 should absolutely not be included.

RC4 is just as broken, if not broken worse than other cryptographic
algorithms. I recommend you check out Matthew Green's blog:
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

If you search around, you can find similar stories of problems with
RC4 (like this one from Qualys:
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
 )

Mike

On Mon, Nov 4, 2013 at 11:41 AM, Stefan Bühler <stbuehler@...httpd.net> wrote:
> On Mon, 4 Nov 2013 18:49:06 +0100
> Hanno Böck <hanno@...eck.de> wrote:
>
>> On Mon, 4 Nov 2013 18:16:30 +0100
>> Stefan Bühler <stbuehler@...httpd.net> wrote:
>>
>> > Is 'DEFAULT@...ENGTH:!LOW:!EXP' (should
>> > be similar to 'HIGH:MEDIUM:!aNULL') a reasonably default?
>>
>> SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL@...ENGTH
>> should be fine. There are basically near zero browsers out there that
>> should have any problems with that. Even dinosaurs like IE6 can work
>> with this, you don't need "medium" ciphers as long as you don't want
>> to make a site accessible to browser museums.
>
> There is no difference to HIGH:!aNULL on my system. I don't see why
> HIGH:!MEDIUM:!LOW could be not equal to HIGH anyway...
>
>> And looking at what medium includes that high doesn't, it seems you
>> really don't want that ancient cipher suites:
>> -DHE-RSA-SEED-SHA
>> -DHE-DSS-SEED-SHA
>> -SEED-SHA
>> -IDEA-CBC-SHA
>> -IDEA-CBC-MD5
>> -RC2-CBC-MD5
>> -ECDHE-RSA-RC4-SHA
>> -ECDHE-ECDSA-RC4-SHA
>> -ECDH-RSA-RC4-SHA
>> -ECDH-ECDSA-RC4-SHA
>> -RC4-SHA
>> -RC4-MD5
>> -RC4-MD5
>> -PSK-RC4-SHA
>
> This is not what I get for "MEDIUM" (debian testing); I see only SEED +
> RC4; RC2 is an export cipher; wikipedia has some stuff on IDEA, and it
> seems indeed "ancient". SEED might be more relevant (for Korea...), and
> RC4 is having a big comeback due to the BEAST attack.
>
> I think due to BEAST a default collection should include RC4; that is
> why I included MEDIUM.



-- 
Mike

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.