Cryptography
RSA vs ECDSA/ECDH
So we've been using RSA for a while now. I wonder, is it still secure? I'm wondering whether surveillance agencies can at this point read traffic encrypted with say, TLS_ECDH_RSA_WITH_AES_128_GCM?
Ultimately, what is the best way to implement https? RSA? DSA? ECDSA? ECDH? Is elliptic curve stronger/more secure than RSA? (take quantum computers into account) Does perfect forward secrecy make it impossible to decrypt collected traffic in case the private key get's compromised in the feature? what implementation of https/ssl/tls makes it impossible to bulk collect data and decrypt it afterwards should the key be compromised.
Besides that, what else should be done to ensure data transmitted over https is secure?
Solution
Assuming you manage to safely generate RSA keys which are sufficiently large, i.e. >= 2048 bits, no TLS configuration flaw on your side, and the lack of security bugs in the TLS library used by your server or the one used by the client user agent, I do not believe TLS_ECDH_RSA_WITH_AES_128_GCM can, at this point, be decrypted by surveillance agencies.
Here's a couple of resources listing best practices for implementing https:
- SSL/TLS Deployment Best Practices by Ivan Risti
- Mozilla Guide for Configuring TLS on Servers
- What is perfect forward secrecy (PFS) as used in SSL?
External Links
External links referenced by this document: