Monday, September 5. 2005
Firefox drops SSLv2 support
As the German news site Golem writes, Firefox is going to drop obsolete SSLv2 support in its next version, because the protocol has known vulnerabilities by design.
While it is in general a very good idea to make things "secure by default", this will probably lead to people crying "Firefox can't open URL xy any more". We have a vast number of deprecated servers, applications etc. that just don't support up-to-date security standards and haven't been updated for ages.
Even SSLv3 supports a lot of weak ciphers, like Single-DES, RC4 etc., that have been known to be broken for ages. Not to mention things like RSA 1024 or SHA1, which are not yet broken in reality, but probably will be at some time in the future.
The implementation of secure standards in today's software is far away from what's necessary for high security applications.
We need to get rid of all that old cruft. High security is possible with today's cryptography, but we have to use it and we have to design applications that use secure technology by default.
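The weak options this post names, turned into a small audit of a server's TLS settings; this is an added example, not part of the original post. The endpoint record, its field names and the sample values are constructed for illustration, and cipher suite names are assumed to follow OpenSSL's naming style.

```python
# Added example: check TLS endpoint settings against the items the post lists.
# Only the post's items are checked: SSLv2, single DES, RC4, RSA 1024, SHA1.
BROKEN, AGING = "broken", "aging"  # the post's two groups


def classify_suite(name):
    """Return (tier, finding) pairs for one OpenSSL-style cipher suite name."""
    tokens = name.upper().split("-")
    findings = []
    for i, tok in enumerate(tokens):
        # "DES" followed by "CBC" is single DES; 3DES is spelled "DES-CBC3".
        if tok == "DES" and tokens[i + 1:i + 2] == ["CBC"]:
            findings.append((BROKEN, "single DES"))
        elif tok == "RC4":
            findings.append((BROKEN, "RC4"))
    if tokens[-1] == "SHA":  # a bare "SHA" suffix means SHA-1 in OpenSSL names
        findings.append((AGING, "SHA1"))
    return findings


def audit(endpoint):
    """Audit a dict with 'protocols', 'ciphers' and 'rsa_bits' (assumed layout)."""
    report = []
    for proto in endpoint["protocols"]:
        if proto == "SSLv2":
            report.append((BROKEN, "protocol SSLv2"))
    for suite in endpoint["ciphers"]:
        for tier, what in classify_suite(suite):
            report.append((tier, f"{suite}: {what}"))
    if endpoint["rsa_bits"] <= 1024:
        report.append((AGING, f"RSA {endpoint['rsa_bits']}-bit key"))
    return report


# Constructed sample: a legacy server that was never updated.
LEGACY = {
    "protocols": ["SSLv2", "SSLv3"],
    "ciphers": ["DES-CBC-SHA", "DES-CBC3-SHA", "RC4-MD5",
                "ECDHE-RSA-AES128-GCM-SHA256"],
    "rsa_bits": 1024,
}

if __name__ == "__main__":
    for tier, finding in audit(LEGACY):
        print(f"[{tier}] {finding}")
```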
Posted by Hanno Böck in Cryptography, English, Gentoo, Linux at 14:41
Saturday, September 3. 2005
mrmcd11b report
It's quite nice here so far. Yesterday I watched a talk on elliptic curves, which was quite nice. Today there was an interesting talk on IPv6 followed by a workshop, where I had IPv6 running locally on my own system for the first time. I'll have to see to it at some point that my blog is reachable over IPv6 as well.
In a moment I'll be giving a talk on cryptographic hash functions; the slides are already available here as OpenDocument or PDF.
Posted by Hanno Böck in Computer culture, Cryptography, Life at 16:31