[Ach] NIST review of cryptographic standards
Thomas Schreck
tom at schreck-thomas.de
Thu Nov 7 00:22:06 CET 2013
Hi Maarten,
> You are right. Today it would be difficult to add them to a default
> configuration, as the support simply is not there on the server or
> client side, but in the near future these will make good alternatives
> for things like AES-GCM.
Definitely! But it takes time until everyone adopts the ciphers and we
have widespread usage of them ...
>
> That actually brings up a more process comment- I think it pays to think
> about setting expectations with consumers of the configurations that
> these configurations need to be considered agile, and that the
> recommended configurations will change over time and will need to be
> updated. Perhaps even test and flag what the most common break scenarios
> are between updates (e.g. error message, hanging connection, ...), so
> administrators do not just roll back completely if permitting a single
> weaker cipher would address the break scenario.
Totally agree with you. There must be a scope.
@Aaron: Your idea using a support matrix may be a good starting point.
Regarding websites which check for conformity, I really like Peter's
Jabber/XMPP test website https://xmpp.net/index.php
Thomas
>
> Cheers,
> Maarten
>
>
> On Wed, Nov 6, 2013 at 2:51 PM, Thomas Schreck <tom at schreck-thomas.de> wrote:
>
> Hi Maarten,
>
> so we cannot really recommend those ciphers but good to see that they are
> working on improving that.
>
> Thomas
>
> On 06/11/13 23:45, Maarten Van Horenbeeck wrote:
> > Hi Thomas,
> >
> > For ChaCha20, there's basic support already in Mozilla:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=917571
> >
> > Adam Langley, Ben Laurie, Elie Bursztein and others are also driving
> > development in other client libraries like NSS and OpenSSL:
> > https://www.imperialviolet.org/2013/10/07/chacha20.html
> >
> > There's support for Rabbit in CyaSSL, but I don't see a lot of practical
> > support for it emerging outside of that library.
> >
> > Cheers,
> > Maarten
> >
> >
> > On Wed, Nov 6, 2013 at 1:43 PM, Thomas Schreck <tom at schreck-thomas.de> wrote:
> >
> >>
> >> Hi Maarten,
> >>>
> >>> E.g. it recommends Rabbit as a stream cipher, instead of Salsa20, which is
> >>> pretty popular (e.g.
> >>> http://tools.ietf.org/html/draft-josefsson-salsa20-tls-02). Both were part
> >>> of the eSTREAM portfolio recommendation for software implementations.
> >>
> >> Are there any implementations of those ciphers besides the reference ones?
> >>
> >> Thomas
> >>
> >>>
> >>> Cheers,
> >>> Maarten
> >>>
> >>>
> >>> On Mon, Nov 4, 2013 at 5:57 AM, Thomas Schreck <tom at schreck-thomas.de> wrote:
> >>>
> >>>> BSI is also providing a list of recommended key lengths
> >>>>
> >>>> https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html
> >>>>
> >>>> German only ...
> >>>>
> >>>> On 04.11.2013 14:15, L. Aaron Kaplan wrote:
> >>>>>
> >>>>> On Nov 4, 2013, at 2:04 PM, Aaron Zauner <azet at azet.org> wrote:
> >>>>>
> >>>>>> Hi *,
> >>>>>>
> >>>>>> This might be of interest:
> >>>> http://csrc.nist.gov/groups/ST/crypto-review/index.html
> >>>>>>
> >>>>> Thanks, I updated the section methods.tex accordingly.
> >>>>>
> >>>>> $ git pull
> >>>>>
> >>>>>
> >>>>> a.
> >>>>>
> >>>>>> Aaron
> >>>>>> _______________________________________________
> >>>>>> Ach mailing list
> >>>>>> Ach at lists.cert.at
> >>>>>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
> >>>>>
> >>>>> ---
> >>>>> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> >>>>> // CERT Austria - http://www.cert.at/
> >>>>> // An initiative of nic.at GmbH - http://www.nic.at/
> >>>>> // Company register number 172568b, LG Salzburg
> >>>>>