[Ach] General agreement on cipher and hash strength and choice
Aaron Zauner
azet at azet.org
Mon Nov 25 16:10:36 CET 2013
On 25 Nov 2013, at 15:54, ianG <iang at iang.org> wrote:
> I recommend AES128, SHA256 (pending Keccak) and RSA 2048.
>
> Not DSA. Hold off on EC until DJB curves are in place.
>
> My contrarian opinion (tm) is that if one has more particular needs or concerns, then one had better do ones own research, and one should not be reading advice of a best practices / lowest common denominator nature.
>
> iang
+1
>
>
> On 25/11/13 16:19 PM, Philipp Gühring wrote:
>> Hi,
>>
>> From my point of view, there is no clear preferance regarding AES128 vs.
>> AES256 from the security point of view, it depends on your subjective
>> attacker.
>> Therefore, I don´t mind that we aren´t consistent in a preferrance at the
>> moment regarding AES128 vs. AES256.
>>
>> Regarding SHA256 vs. SHA512, I think SHA512 is likely more secure than
>> SHA256, but both are acceptable at the moment.
>> Regarding RSA, my current suggestion is to use 4096 for long-term keys
>> like root-certificates, and to use 2048 bits for normal applications.
>>
>> Best regards,
>> Philipp Gühring
>>
>> -----Original Message-----
>> From: <Daniel.Kovacic at a-trust.at>
>> To: <ach at lists.cert.at>
>> Date: Sun, 24 Nov 2013 17:49:54 +0000
>> Subject: [Ach] General agreement on cipher and hash strength and choice
>>
>>> Hi,
>>>
>>> I am currently revicing the gpg (cipher suite) section and I noticed
>>> that we are very inconsistent in ordering ciphers and hashes in our
>>> configs. Especially AES{128|256}, SHA{256|512} etc attracted me. To be
>>> precise we have no consensus whether we prefer aes128 over aes256,
>>> sha256 over sha512 and so on. Same with RSA key lenght. I personally
>>> dont like that and I think we should get to an agreement here. I prefer
>>> recommending the most compatible, wide spread, fastest etc algorithm we
>>> agree on being absolutely recommendable at the point of writing. So I
>>> would always list aes128 before aes256 and sha256 before sha512 per
>>> default. I also think that just preferring the bigger numbers for the
>>> sake of being bigger looks a bit dubious and one who reads rsa 4096
>>> might ask 'why?'
>>>
>>> best regards
>>> Daniel
>>>
>>> PS.: Sorry, if this message arrives multiple times. something here in
>>> our outlook is tricking me :-/
>>> _______________________________________________
>>> Ach mailing list
>>> Ach at lists.cert.at
>>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>
>> _______________________________________________
>> Ach mailing list
>> Ach at lists.cert.at
>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131125/b5cfaff4/attachment.sig>
More information about the Ach
mailing list