Encryption: ENISA recommends 15360 Bit encryption
European Data Protection 10, NIST 0
Immediately use RSA 3072
RSA 15360 is recommended in the longer term (page 35)
**Note: IVPN have already moved to RSA 4096
**Time to ditch RSA 2048
Use WPA2 as a matter of urgency (page 61)
Bluetooth is vulnerable to man-in-the-middle attacks (page 63)
Beware CBC based encryption (page 37).
PKCS# – This encryption method defined in [281,282] has no modern security proof, although it is used in the SSL/TLS protocol extensively (page 48)
- NSA advice to ditch the use of ECC (as its a stopgap solution)
2. Weak DH
Many of my hunches are being proven right; these include a distrust of IPSec ( this I’ve considered a weak compromise solution from the very start).
Personally I would promote a safety factor of two as the minimum standard for encryption. Serpent offered a safety factor of over 3.5, whereas AES128 had a safety factor of 1.11. So you can see my point.
If NIST weakens Keccak, then move over to Threefish. We need to watch carefully how NIST plan to weakened Keccak – and perhaps encode the original design in defiance of NIST.
Which is the safest VPN on the market? Who do I use for a VPN?