Security Enhancements For Friday Sep. 6, 2013

Later this evening (Friday, Sep 6, 2013) the encryption on this website will be increased to nearly the maximum level possible. It was already near the top of what is available on the Internet.

Initial testing shows that everyone should still be able to connect just like you always have. It probably won't appear much different.

It is possible the site could run slightly slower by maybe 10-20% to handle the extra processing needed.

In case you have any problems, please try another browser, or try the site again every hour or so.

Windows XP with Service Pack 3 and later appear to be fine. Mobile devices seem to work as well. Anything earlier than that might not work. If you are running Windows XP, and can't connect later, you might want to check that you are on the latest service pack from Microsoft.

The reason for this latest upgrade is the just-released news that many encrypted web sites are not so encrypted.

See the following news article:

Revealed: how US and UK spy agencies defeat internet privacy and security

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

To summarize it, even web sites with SSL / HTTPS encryption on them are not very secure against surveillance.

Reading between the lines of the article, the only possible way to hope for some privacy is to use the maximum possible encryption levels that browsers are generally capable of.

In my previous blog entry, I already outlined steps that we were taking including the conversion of the site to https and the newest TLS protocols and perfect forward security.

In addition to all of those, I have identified another area which can be improved on.

There is a key that handles the security negotiation when communicating with this web site. Previously it was set to 2048 bits with SHA level 1.

Tonight it will be increased to 4096 bits with SHA level 2 (aka SHA256). This represents an exponential increase of security over the previous level, not just twice.

Increasing key lengths is one of the methods recommended to counteract these potential weaknesses. More about that can be read here:

"it's pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We're already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys. Perhaps we need to jump even further ahead and consider 3072-bit keys."

http://www.wired.com/opinion/2013/0...ctly-are-the-nsas-cryptanalytic-capabilities/

In our case, we'll be jumping even a step further to 4096.

In the near future, I will also be evaluating some of the other areas in the web site that could improve privacy. These include things such as allowing visitors to post without registering, removing email requirements to register, and other such things. This could cause problems due to the anonymity, so some balance will need to be found.

Thanks for your patience. Let me know if you have any questions.


Update: Sep. 7, 2013. Upgrade completed at 9:00 AM Central Time.

Before: [image not preserved]

After: [image not preserved]
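
Added example, not part of the original post or the site's own tooling: a small shell audit that reads a certificate's key size and signature hash, the two settings the post changes, and flags anything below the post's target. The function names, the `MIN_BITS` variable, the 4096-bit default and the two sample excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the site's tooling): audit key size and signature hash.

# Constructed excerpts in the layout `openssl x509 -noout -text` prints;
# they mirror the before/after settings in the post, not real certificates.
OLD_CERT_TEXT='    Signature Algorithm: sha1WithRSAEncryption
                Public-Key: (2048 bit)'
NEW_CERT_TEXT='    Signature Algorithm: sha256WithRSAEncryption
                Public-Key: (4096 bit)'

# parse_cert_text: certificate text on stdin -> "<key bits> <signature algorithm>"
parse_cert_text() {
    awk '
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        /Public[- ]Key: \(/ && bits == "" {
            s = $0; sub(/.*\(/, "", s); sub(/ bit.*/, "", s); bits = s
        }
        END { if (bits == "" || sig == "") exit 1; print bits, sig }
    '
}

# meets_policy BITS SIGALG [MIN_BITS]: succeeds when the key has at least
# MIN_BITS (assumed default: 4096, the post's target) and no SHA-1 signature.
meets_policy() {
    [ "$1" -ge "${3:-4096}" ] || return 1
    case $(printf '%s' "$2" | tr 'A-Z' 'a-z') in
        *sha1*) return 1 ;;
    esac
    return 0
}

# audit_text: certificate text on stdin -> "OK ..." (exit 0) or "WEAK ..." (exit 1)
audit_text() {
    summary=$(parse_cert_text) || { echo "UNPARSED"; return 2; }
    set -- $summary
    if meets_policy "$1" "$2" "${MIN_BITS:-4096}"; then
        echo "OK $summary"
    else
        echo "WEAK $summary"
        return 1
    fi
}

# audit_cert FILE: same verdict for a PEM certificate on disk (needs openssl)
audit_cert() { openssl x509 -in "$1" -noout -text | audit_text; }

printf '%s\n' "$OLD_CERT_TEXT" | audit_text || true
printf '%s\n' "$NEW_CERT_TEXT" | audit_text
```

To check a real certificate, save it as PEM and run `audit_cert site.pem`; set `MIN_BITS=2048` to audit against a lower key-size floor.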

 
Thank you for protecting my brothers and sisters here and letting us know this, it means a great deal to us!



Father God Bless you!
 
