[Ach] General agreement on cipher and hash strength and choice

Daniel.Kovacic at a-trust.at Daniel.Kovacic at a-trust.at
Sun Nov 24 18:21:41 CET 2013


I am currently revicing the gpg (cipher suite) section and I noticed that we are very inconsistent in ordering ciphers and hashes in our configs. Especially AES{128|256}, SHA{256|512} etc attracted me. To be precise we have no consensus whether we prefer aes128 over aes256, sha256 over sha512 and so on. Same with RSA key lenght. I personally dont like that and I think we should get to an agreement here. I prefer recommending the most compatible, wide spread, fastest etc algorithm we agree on being absolutely recommendable at the point of writing. So I would always list aes128 before aes256 and sha256 before sha512 per default. I also think that just preferring the bigger numbers for the sake of being bigger looks a bit dubious and one who reads rsa 4096 might ask 'why?'

best regards

More information about the Ach mailing list