Subj : RE: Secure binkp
To : Al
From : NuSkooler
Date : Mon Nov 25 2019 07:49 pm
On Monday, November 25th Al was heard saying...

Al> My understanding is that TLS 1.3 is secure and a good way to proceed.

I don't mean to butt in, but the TLS 1.3 protocol is certainly secure. Ensure
you choose secure & modern suite(s). For example:

TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

AES has the benefit of using AES-NI instructions on modern CPUs. Without these
instructions it can be up to 30x slower and much more CPU intensive. If you're
running on very old hardware, some of this becomes almost a no-go as it's just
too intensive.

TLS is for PKI, which might make sense for a network op who could perhaps be
the Certificate Authority (CA), but I can see that quickly becoming an issue
when someone loses their private key/etc.

An end-to-end encryption system might be better if you're considering from
scratch (but of course OpenSSL and such make TLS much easier to implement).
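
Added example, not part of the original message: one way to act on the AES-NI point above is to keep the three suites from the post but put ChaCha20-Poly1305 first on hosts that lack hardware AES. The function names and the sample /proc/cpuinfo text are assumptions constructed for illustration; the resulting string is in the colon-separated form that OpenSSL accepts for TLS 1.3 (SSL_CTX_set_ciphersuites, or -ciphersuites on the command line).

```python
import re

# The three TLS 1.3 suites named in the post, in the order given there.
AES_FIRST = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
]

# Constructed samples of Linux /proc/cpuinfo content (not captured from real hosts).
SAMPLE_WITH_AES = "processor\t: 0\nflags\t\t: fpu vme sse2 ssse3 aes avx\n"
SAMPLE_NO_AES = "processor\t: 0\nflags\t\t: fpu vme mmx sse sse2\n"


def cpu_flags(cpuinfo_text):
    """Collect CPU feature flags from /proc/cpuinfo text (x86 'flags', ARM 'Features')."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        m = re.match(r"^(?:flags|Features)\s*:\s*(.*)$", line)
        if m:
            flags.update(m.group(1).split())
    return flags


def has_hw_aes(cpuinfo_text):
    """True when the kernel reports AES instructions (listed as the 'aes' flag)."""
    return "aes" in cpu_flags(cpuinfo_text)


def tls13_ciphersuites(cpuinfo_text):
    """Return the suite string, preferring ChaCha20 when AES has no hardware support."""
    suites = list(AES_FIRST)
    if not has_hw_aes(cpuinfo_text):
        # Stable sort: ChaCha20 moves to the front, the AES suites keep their order.
        suites.sort(key=lambda name: "CHACHA20" not in name)
    return ":".join(suites)


if __name__ == "__main__":
    for label, text in (("with AES-NI", SAMPLE_WITH_AES), ("old CPU", SAMPLE_NO_AES)):
        print(label, "->", tls13_ciphersuites(text))
```

On a live Linux host, pass the contents of /proc/cpuinfo instead of the constructed samples.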