[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
rainer at hoerbe.at
Sun Jan 5 17:30:04 CET 2014
+1 for 3DES. And also prioritizing AES128 over AES256 in suite B for the same reason. This saves approx. 40% cpu cycles, and 128-bit security still has lots of reserve.
Am 05.01.2014 um 16:55 schrieb Aaron Zauner <azet at azet.org>:
> Hi Kurt,
> That is true, the issue being that some software and hardware platforms do not support RSA keys above 2048bit as of now.
> I mean - I do not really have an issue with discussing to put 3DES in there. We were a bit time restricted to do our research (i.e. we limited ourselves to certain ciphers) and since this is still in draft stage we're able to change things like that.
> Input from anyone else on the list?
> On Sun, Jan 5, 2014 at 4:27 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote:
> > > 3DES isn't broken.
> > Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylenghts section). All ciphers that we
> > recomend are at least at 128bit security.
> The document doesn't seem to say that it's trying to reach a 128
> bit security level over the whole chain. It seems to be happy
> with 2048 bit RSA keys. They also provide 112 bit security.
> If you really want to go for 128 bit, you need to have the RSA
> keys of at least something in the order of 3072 bit. If 2048
> is fine, 3DES is fine.
> Ach mailing list
> Ach at lists.cert.at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ach