[Ach] 8.5.1 key exchange -- feedback, please!

Adi Kriegisch adi at kriegisch.at
Thu Nov 21 10:28:06 CET 2013


> regarding the
> TODO: Team: do we need references for all cipher suites considered weak?
> What about a single reference indicating that key lengths <112 (or
> whatever) are considered evil?
Ok. Added this to section 8.3. Btw this NIST publication seems to be a good
reference: http://csrc.nist.gov/publications/PubsSPs.html#800-57-part1
For HMAC they specify SHA-1 for 128bit ciphers only (p65). And -- up to now
-- I didn't even think about how many different keys 3DES may use: They
give 80 bit on 3DES with two different keys and 112bit with 3 different
> The "key exchange" section looks complete, but it needs much more
> clarity, especially since this is very complicated.
Absolutely. References to publications explaining this in more detail are
Any experts here who want to take a look at this?

> And what does the colorful table show? ;-)
Hehe... This was me trying to use traffic light colors to show what to use
and what not... I don't like the colors -- any suggestion on how to

-- Adi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20131121/ea00ebc4/attachment.sig>

More information about the Ach mailing list