[Ach] General agreement on cipher and hash strength and choice
Daniel.Kovacic at a-trust.at
Daniel.Kovacic at a-trust.at
Sun Nov 24 18:49:54 CET 2013
Hi,
I am currently revicing the gpg (cipher suite) section and I noticed that we are very inconsistent in ordering ciphers and hashes in our configs. Especially AES{128|256}, SHA{256|512} etc attracted me. To be precise we have no consensus whether we prefer aes128 over aes256, sha256 over sha512 and so on. Same with RSA key lenght. I personally dont like that and I think we should get to an agreement here. I prefer recommending the most compatible, wide spread, fastest etc algorithm we agree on being absolutely recommendable at the point of writing. So I would always list aes128 before aes256 and sha256 before sha512 per default. I also think that just preferring the bigger numbers for the sake of being bigger looks a bit dubious and one who reads rsa 4096 might ask 'why?'
best regards
Daniel
PS.: Sorry, if this message arrives multiple times. something here in our outlook is tricking me :-/
More information about the Ach
mailing list