TLS does *NOT* stop man in the middle attacks. It just increases the complexity and required speed of a successful attack by a small amount.
And there never was "TLS 2048". You are mixing up RSA that is used by TLS with TLS itself. TLS is a entire security suite. It is not a single cipher, hash, checksum, or such. It is pretty much a catch all for modern software security.
SHA 512 will probably never be available. Period. Do you know why? We already use SHA-2 at 256 bits. If you add one single bit to any bitwise hash like SHA it doubles the possibilities. So doubling the bitwise strength would be taking 256 bit and doubling it 256 times. That is a freakishly large number.
If you are underestimating how strong binary multiplication is, follow this example. One bit has only two options. Two bits has four. Three bits has eight. Four bits has sixteen. Five bits has thirty two. Six bits has sixty four. Seven bits has one hundred and twenty eight. Eight bits has two hundred and fifty six. Nine bits has five hundred and twelve. And if you only counted in binary on your ten fingers, you could count to one thousand and twenty four.
All things binary are this strong. So there will not be a need for 512 bit hashes in the amount of time that anyone currently alive will live.
pfSense is more than strong enough to fend off the odd man in the middle attack. I suggest checking the pfSense forums if you want more detailed information. TLS is not needed to avoid MitM attacks, and you should disregard information that promises a golden miracle cure all wrapped up in a badly botched set of ciphers, hashes and way too much legacy crap from decades ago like TLS.
I hope this does not come across too harsh against you. I have no problem with you. I do however have some serious objections to TLS because of the ancient crapware shoved up an otherwise great security suites ass.
The reason I was asking about SHA 512 is that it is much more commonly supported now and the point of having higher then needed security is that if someone finds a weakness lowering the effective number of bits it uses then even the weakened state would provide adequate security.
Also I was reading up on TLS:
"TLS also provides two additional benefits that are commonly overlooked;
integrity guarantees and replay prevention. A TLS stream of
communication contains built-in controls to prevent tampering with any
portion of the encrypted data. In addition, controls are also built-in
to prevent a captured stream of TLS data from being replayed at a later
time."
Comments
And there never was "TLS 2048". You are mixing up RSA that is used by TLS with TLS itself. TLS is a entire security suite. It is not a single cipher, hash, checksum, or such. It is pretty much a catch all for modern software security.
SHA 512 will probably never be available. Period. Do you know why? We already use SHA-2 at 256 bits. If you add one single bit to any bitwise hash like SHA it doubles the possibilities. So doubling the bitwise strength would be taking 256 bit and doubling it 256 times. That is a freakishly large number.
If you are underestimating how strong binary multiplication is, follow this example. One bit has only two options. Two bits has four. Three bits has eight. Four bits has sixteen. Five bits has thirty two. Six bits has sixty four. Seven bits has one hundred and twenty eight. Eight bits has two hundred and fifty six. Nine bits has five hundred and twelve. And if you only counted in binary on your ten fingers, you could count to one thousand and twenty four.
All things binary are this strong. So there will not be a need for 512 bit hashes in the amount of time that anyone currently alive will live.
pfSense is more than strong enough to fend off the odd man in the middle attack. I suggest checking the pfSense forums if you want more detailed information. TLS is not needed to avoid MitM attacks, and you should disregard information that promises a golden miracle cure all wrapped up in a badly botched set of ciphers, hashes and way too much legacy crap from decades ago like TLS.
I hope this does not come across too harsh against you. I have no problem with you. I do however have some serious objections to TLS because of the ancient crapware shoved up an otherwise great security suites ass.
Good day everyone.
Also I was reading up on TLS:
"TLS also provides two additional benefits that are commonly overlooked; integrity guarantees and replay prevention. A TLS stream of communication contains built-in controls to prevent tampering with any portion of the encrypted data. In addition, controls are also built-in to prevent a captured stream of TLS data from being replayed at a later time."