[tor-talk] time to disable 3DES?

Yawning Angel yawning at schwanenlied.me
Mon Oct 7 22:36:08 UTC 2013

* Lee <ler762 at gmail.com> [2013-10-07 15:58:19 -0400]:
> Isn't it time to quit using DES?
> Finally gave TBB a try (version 2.3.25-13), seems to me that the
> firefox component needs a lot of hardening.

DES != 3DES, and supporting 3DES suites is standard across major browsers.

Additionally, having support for something does not mean that it will be used
(unless the webserver on the remote end is horrifically misconfigured, any one
of the other CipherSuites sent in the ClientHello will be negotiated over the
3DES suites).

Considering that there are far better ways of attacking a TBB user than
attacking the bulk cryptography I'm really failing to see the issue here.

Yawning Angel

More information about the tor-talk mailing list