Cryptography Asked by R1w on October 24, 2021
There are some vulnerability such POODLE, that allows the attacker to gain access to encrypted blocks of data and then gain exposure to plain text information using side channels.
Another vulnerability is TLS 1.2 which allows the GOLDENDOODLE attack to breach outdated crypto methods.
Is TLS 1.2 still secure and reliable or should we leave it and migrate to 1.3?
According to who? According to NCSC (the Dutch center for cyber security) for instance, TLS 1.2 is still considered "good", but it does go on to specify which cipher suites and specific configuration options are still considered "good".
This is kind of the problem with TLS 1.2: it has become a hodgepodge of different algorithms, key agreement schemes, certificate status, signature formats, bulk ciphers, hash algorithms and whatnot. So specifying that TLS 1.2 is good enough is basically hiding all the problems that are associated with it. TLS 1.2 is as good as the options that are chosen, and making sure that all the configuration / implementation pitfalls are avoided.
TLS 1.3 has been defined to strip most if not all of these problems away, and be build upon the best practices for popular encryption algorithms. It is both very similar to TLS 1.2 and different path from 1.2 in that sense. We've come a long way, and it is likely that TLS 1.3 will be more secure for longer than TLS 1.2 in a generic sense.
Is TLS 1.3 perfect? No, problems have and will be found. But it is generally more secure, more performant it has certainly a lot fewer options compared to TLS 1.2 that are certainly not secure or that are likely to become security issues in the future. There are still things like the mentioned 0-RTT and PSK that are relatively dangerous to use. In that sense TLS 1.3 in itself is not a secure solution all by itself either; specific usage scenarios still have to be considered.
That all said, it is certainly possible to configure TLS 1.2 in such a way that the protocol is still considered secure, or at least not broken fundamentally. So in that sense I suppose you could argue that there is no pressing need to move to TLS 1.3, as long as your choices for TLS 1.2 are considered sound.
Do note that this also kind of assumes that the inherent complexity of TLS 1.2 is not a problem in itself, and that's certainly debatable as well.
Answered by Maarten Bodewes on October 24, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP