[Ach] Camellia justification?

Hanno Böck hanno at hboeck.de
Wed Apr 23 13:17:35 CEST 2014


On Tue, 22 Apr 2014 18:55:15 +0200
Aaron Zauner <azet at azet.org> wrote:

> > I wanted to ask if there has been any discussion why most cipher
> > suites in the bettercrypto docs contain camellia.  
> Yes, the last discussion can be found over here:
> http://lists.cert.at/pipermail/ach/2014-April/thread.html#1164  

Okay, I don't see any convincing arguments, so I'll probably disable it
on my servers soon.

Basically, my take on this is - especially since Heartbleed:
The problem with uncommon algos and features is mainly not the crypto
part. The problem is attack surface on implementations.

If we have algos laying around that are considered "probably secure,
but not very interesting due to bad performance and low usage", I think
this is risky. Because uninteresting code gets less reviews. I think
it makes sense to just trim down uncommon features, because bugs can
hide in unused feature code (as we've seen with heartbeat).


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140423/3c9304fc/attachment.sig>


More information about the Ach mailing list