Subj : Directly include binary data in messages
To   : James Coyle
From : Alexey Vissarionov
Date : Fri Feb 25 2022 11:22 am

Good ${greeting_time}, James!

25 Feb 2022 01:10:58, you wrote to me:

 AV>> JC> Synchronet and Mystic support direct BINKP over SSL natively

Your software fails to quote the text correctly. For example, this word:

 AV>> which
      ^^^^^
wasn't written by me. When quoting, the correctly written software should add one '>' character to _the_ _tail_ of existing quote prefix, so /^ XY>>/ should become /^ XY>>>/

 AV>> It's the most stupid thing that could be done.
 AV>> The SSL was good 15...20 years ago, but now it doesn't conform to
 AV>> modern
 JC> Okay so tell me what is better than TLS 1.3 then

SSH is a really good example.

 JC> since you seem to think you know more about security than the entire
 JC> security industry.

I'm _in_ that industry.

 JC> Every enterprise on the planet uses an iteration of secure socket
 JC> layer most commonly TLS 1.2 in 2022.

Here you said "enterprise"... Most of them have no other option than HTTPS.

 AV>> JC> Of course SSL doesn't stop routed netmail from being read by a
 AV>> SysOp
 AV>> JC> in the middle though, so in this case Mystic does AES-256
 AV>> encrypted
 AV>>
 AV>> Using the artificially weakened cryptography is a very, very unwise
 AV>> idea.
 JC> If the widespread enterprise-level adoption of AES-256 is inferior
 JC> and very very unwise for two-way encryption, then please let us (and
 JC> the rest of the security world) know what should be used instead?

For the standard: second finalist and the real winner - Twofish.
For the practical purposes: Twofish, Threefish or Grasshopper.

That's about the symmetric ciphers. Also there are hash functions much more efficient and stronger than SHA family (Skein, Streebog). And finally, the public-key algorithms I can recommend are the old good RSA (with at least 8192-bit keys, of course) and the elegant ED25519 (based on Edwards curve).

 JC> How will we ever protect our highly classified FidoNet netmail with
 JC> the never-been-compromised AES-256? lolol

AES is the standard (what a shame... American standard is based on a foreign development) prescribing the use of Rijndael algorithm. Also, what mode do you prefer for it? CBC, CFB, CTR, ECB, GCM, XTS, or?

 JC> Assuming there is no future flaw discovered in the algorithm, it
 JC> would take every single computer on the planet thousands of years to
 JC> brute force a single AES key.

You mean the 20-years-old SP-net with fixed non-random S-blocks? I have some really bad forecast for you...

 JC> I don't think you could have possibly missed the mark any more than
 JC> you did with this post lol.

"How stuupid..."

--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

.... that's why I really dislike fools.
--- /bin/vi
 * Origin: ::1 (2:5020/545)