[Ach] General agreement on cipher and hash strength and choice
ianG
iang at iang.org
Mon Nov 25 15:54:33 CET 2013
I recommend AES128, SHA256 (pending Keccak) and RSA 2048.
Not DSA. Hold off on EC until DJB curves are in place.
My contrarian opinion (tm) is that if one has more particular needs or
concerns, then one had better do ones own research, and one should not
be reading advice of a best practices / lowest common denominator nature.
iang
On 25/11/13 16:19 PM, Philipp Gühring wrote:
> Hi,
>
> From my point of view, there is no clear preferance regarding AES128 vs.
> AES256 from the security point of view, it depends on your subjective
> attacker.
> Therefore, I don´t mind that we aren´t consistent in a preferrance at the
> moment regarding AES128 vs. AES256.
>
> Regarding SHA256 vs. SHA512, I think SHA512 is likely more secure than
> SHA256, but both are acceptable at the moment.
> Regarding RSA, my current suggestion is to use 4096 for long-term keys
> like root-certificates, and to use 2048 bits for normal applications.
>
> Best regards,
> Philipp Gühring
>
> -----Original Message-----
> From: <Daniel.Kovacic at a-trust.at>
> To: <ach at lists.cert.at>
> Date: Sun, 24 Nov 2013 17:49:54 +0000
> Subject: [Ach] General agreement on cipher and hash strength and choice
>
>> Hi,
>>
>> I am currently revicing the gpg (cipher suite) section and I noticed
>> that we are very inconsistent in ordering ciphers and hashes in our
>> configs. Especially AES{128|256}, SHA{256|512} etc attracted me. To be
>> precise we have no consensus whether we prefer aes128 over aes256,
>> sha256 over sha512 and so on. Same with RSA key lenght. I personally
>> dont like that and I think we should get to an agreement here. I prefer
>> recommending the most compatible, wide spread, fastest etc algorithm we
>> agree on being absolutely recommendable at the point of writing. So I
>> would always list aes128 before aes256 and sha256 before sha512 per
>> default. I also think that just preferring the bigger numbers for the
>> sake of being bigger looks a bit dubious and one who reads rsa 4096
>> might ask 'why?'
>>
>> best regards
>> Daniel
>>
>> PS.: Sorry, if this message arrives multiple times. something here in
>> our outlook is tricking me :-/
>> _______________________________________________
>> Ach mailing list
>> Ach at lists.cert.at
>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
More information about the Ach
mailing list