Certified Security - Specialty

Sign Up Free or Log In to participate!

Doubtful advice given in Perfect Forward Secrecy and ALBs Lecture

The lecture explains correctly that you need ECDHE for PFS (actually, DHE also works and dóes exist for other predefined policies), but then goes on to repeat that because of that you always need to choose the 2016 policy ‘because it supports almost everything’. That’s really the wrong conclusion: other policies are equally supportive of PFS.

And choosing a policy because it supports everything in a security lecture is also doubtful advice: there’s a reason why the newer policies dropped support for certain ciphers and that’s because they’re considered weak and outdated.

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?