Google preps Chrome fix to slay SSL-attacking BEAST Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol. The fix, which has already been added to the latest developer version of Chrome, is designed to thwart attacks from BEAST, proof-of …
This post has been deleted by its author
SSL v1.0 was never released to the public, SSL v1.1 and v1.2 never existed. I think you mean TLS. There's a really good summary of the history of SSL and TLS on Wikipedia:
https://secure.wikimedia.org/wikipedia/en/wiki/Transport_Layer_Security#History_and_development
TLS 1.0, otherwise known as SSL 3.1, came after SSL 3.0.
How bout we don't go for a "fixed for all time" size on the key? How bout we realise that no matter what size we pick it will (at some point in time) become "not enough" and try to come up with an automatic system to adjust it as necessary? Of course the biggest risk here is that the adjustment system is itself targetted and made to scale back to 1-bit (or 0-bits).
SSL certificates use 2048 bit keys (at least that's recommended minimum in certificate requests for general use) but the actual SSL/TLS data encryption is still only 256-bit or 128-bit for the major ciphers in use. Take Google.com for example - right now it has 256-bit encryption using AES256-SHA, 168-bit encryption using DES-CBC3-SHA, and all the other ciphers are 128-bit. Certificate key size is not the same as the encryption key size.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
