feature request: forward secrecy DHE-RSA-AES256-SHA

Logicwax · « **on:** January 15, 2014, 02:37:34 »

Is there planned forward secrecy encryption for Flexhub?

for example, on a flexhub hub, you will see AES256-SHA for the hub connection.

On other hubsofts (like ADCH), you will see DHE-RSA-AES256-SHA for the hub connection, implying forward secrecy.

It would be great to see Flexhub upgraded to this common crypto standard that is available on other hubs.

FlipFlop™ · « **Reply #1 on:** January 15, 2014, 03:15:05 »

It looks like it can be done, I'll put it on the todo list.

Logicwax · « **Reply #2 on:** January 15, 2014, 03:23:22 »

great!

Because in multi-user systems like ADC hubs, forward secrecy gains importance. All it takes is one user to have the key leaked, and any and all captured traffic ever logged is able to be decrypted and recovered.

DHE-RSA adds a way for a session-unique key to exist, so years of captured data would be rendered useless.

Logicwax · « **Reply #3 on:** January 16, 2014, 00:03:33 »

according to this site:
http://www.broadinstitute.org/~carneiro/software/luassl/references.html#ephemeral

some source code changes would need to be made in the Lua code.

feature request: forward secrecy DHE-RSA-AES256-SHA

Logicwax

feature request: forward secrecy DHE-RSA-AES256-SHA

FlipFlop™

Re: feature request: forward secrecy DHE-RSA-AES256-SHA

Logicwax

Re: feature request: forward secrecy DHE-RSA-AES256-SHA

Logicwax

Re: feature request: forward secrecy DHE-RSA-AES256-SHA