From: Matti Nykyri
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Heartbleed fix - question re: replacing self-signed certs with real ones
Date: Sat, 19 Apr 2014 18:43:50 +0300

On Apr 19, 2014, at 18:29, Dale <rdalek1967@gmail.com> wrote:

> Mick wrote:
> > Encryption still works, at least for some attackers. The fact that burglars can pick locks doesn't mean that you should leave your door unlocked. FWIW I just checked my bank's website encryption ... they *still* use RC4!!! O_O I guess they are keen to make sure all these customers with WinXP and MSIE 7.0 can still login? For crying out loud! It seems that RSA's days may be numbered and elliptic curve cryptography would be the way forward, not because of resource constrained mobile devices, but also because of recent advances in crypto-analytics which may make RSA obsolete: http://www.technologyreview.com/news/517781/math-advances-raise-the-prospect-of-an-internet-security-crisis/
>
> How does one find out what their bank uses? I'd like to check on what mine uses. I have Seamonkey and Firefox installed here IF it matters.

Well, you can use ssllabs.com. I use it for debugging. Here is what Bank of America uses:

https://www.ssllabs.com/ssltest/analyze.html?d=www.bankofamerica.com&hideResults=on

-Matti
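
A local way to see what a single handshake with a site negotiates, as an added example that is not part of the original message. It uses Python's standard `ssl` module; the names `negotiated` and `findings` and the sample suite names are made up here. Unlike the SSL Labs report, it shows only the suite chosen for this one client, not everything the server accepts.

```python
import socket
import ssl
import sys

OLD_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")

def negotiated(host, port=443, timeout=10.0):
    """Do one TLS handshake; return (suite_name, protocol, secret_bits)."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            return name, tls.version(), bits

def findings(suite_name, protocol):
    """Flag weak properties of an OpenSSL-style suite name and protocol."""
    parts = suite_name.upper().replace("_", "-").split("-")
    notes = []
    if "RC4" in parts:
        notes.append("RC4 stream cipher")
    if protocol in OLD_PROTOCOLS:
        notes.append("old protocol " + protocol)
    # TLS 1.3 suites always use an ephemeral (EC)DHE key exchange.
    ephemeral = protocol == "TLSv1.3" or any(k in parts for k in ("ECDHE", "DHE", "EDH"))
    if not ephemeral:
        notes.append("no forward secrecy")
    return notes

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: pass a hostname as the first argument
        name, proto, bits = negotiated(sys.argv[1])
        print(name, proto, bits, findings(name, proto) or "nothing flagged")
    else:  # constructed samples, no network needed
        for name, proto in (("RC4-SHA", "TLSv1"),
                            ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2")):
            print(name, proto, findings(name, proto) or "nothing flagged")
```

A current Python/OpenSSL build does not offer RC4 at all, so a server that accepts only RC4 makes the handshake fail rather than report it.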