by wwwigham
3386 days ago
From the NOD crypto document, the following advice is given:

> (S//NF) Tools should perform key exchange exactly once per connection. Many algorithms have weaknesses during key exchange and the volume of data expected during a given connection does not meet the threshold where a re-key is required.[xiii] To reiterate, re-keying is not recommended.

With the footnote:

> xiii (S//NF) The exact nature of which algorithms are weak at this stage is highly classified. In the absence of those facts this guidance is still relevant; the utility inherent in re-keying derives from minimizing key exposure when performing bulk encryption of large amounts of data. Even the most data-intensive NOD operations involve several fewer orders of magnitude of data per session key. Consequently, re-keying introduces unnecessary complexity (and therefore opportunities for bugs or other unexpected behavior) without delivering value in return.

Which key exchange algorithms have key exchange vulnerabilities when keys are frequently exchanged, I wonder.
Makes me wonder if either
- This whole leak is a "fake" or at least no big deal for the TLAs (because there is not much surprising inside)
and / or:
- Most encryption is broken in a fundamental way. I would never be able to find out, because the four or five influential security experts I know and trust, and who tell me it is safe, are bought by the TLAs. Who knows, maybe all PGP does effectively is to mark my mails as really really interesting. "They" can trivially decrypt them, and then they employ thousands of analysts who just do parallel construction on everything they find out (so they don't leak their exploit).