[tbb-bugs] #18274 [Tor Browser]: 3DES_EDE_CBC cipher is vulnerable in the current TBB configuration!
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 8 15:22:06 UTC 2016
#18274: 3DES_EDE_CBC cipher is vulnerable in the current TBB configuration!
--------------------------+--------------------------
Reporter: bugzilla | Owner: tbb-team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Major | Resolution: invalid
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------------+--------------------------
Comment (by bugzilla):
Ok. I was too hurry that hadn't checked Mozilla's whitelisting. But today
a lot of security labs propose disabling SHA at all, not saying about
112-bit deprecated ciphers. And, thank you, cypherpunks, for
> [https://bugzilla.mozilla.org/show_bug.cgi?id=1139778 Bug 1139778]
> >The usage rate of 3DES is still too high to use whitelist
But that citation refers to a research
https://tools.ietf.org/agenda/91/slides/slides-91-saag-3.pdf#page=12
where:
'''29-oct-2014''', 3DES, share in % - '''0,1'''
last date of SSLv3, share in % - 0,26
last date of RC4, share in % - 25,2
So disabling 3DES is easier then RC4.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18274#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list