[Ach] Proposal to change B cipher spec

Aaron Zauner azet at azet.org
Fri Apr 4 03:39:08 CEST 2014


Hi Torsten,

Apologies... Ian Grigg just pointed out that SHA is used as HMAC here.

Aaron Zauner wrote:
>> Concretely, this results in these ciphers (grouped according to the above policy):
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
> Basically you'll need SHA512 to fit the security level of AES256. We
> have this issue as well. No SHA512 in TLS :)
> 
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
>> -------------------------------------------------
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
> SHA-1: 160 bit. You'll need a cryptographic hash function of 512 bits to
> match the security of the symmetric cipher (AES). As well as appropriate
> RSA/DH params.
Forget my comments about the hash function/HMAC security. I should
not be replying to such emails at three in the morning (especially when
writing multiple mails at once) :)

@iang: Thanks, of course you are right.

An additional note: I'd personally actually favor all RSA-based cipher
string combinations before adding ECDSA to the list.

Still not sure why you're building your own recommendations though :)

Aaron
