On Fri, Aug 2, 2013 at 7:23 PM, Anthony <wikimail(a)inbox.org> wrote:
On Fri, Aug 2, 2013 at 10:07 PM, Anthony
<wikimail(a)inbox.org> wrote:
Anthony wrote:
How much padding is already inherent in HTTPS?
None, which is why Ryan's Google Maps fingerprinting example works.
Citation needed.
Also please address
https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Padding
It seems that the ciphers which run in CBC mode, at least, are padded.
Wikipedia currently seems to be set to use RC4 128. I'm not sure what, if
any, padding is used by that cipher. But presumably Wikipedia will switch
to a better cipher if Wikimedia cares about security.
We're currently have RC4 and AES ciphers in our list, but have RC4 listed
first and have a server preference list to combat BEAST. TLS 1.1/1.2 are
enabled and I'll be adding the GCM ciphers to the beginning of the list
either during Wikimania or as soon as I get back.
- Ryan