[Ach] meta-question on algorithm agility

René Pfeiffer lynx at luchs.at
Sat May 3 14:29:12 CEST 2014

On May 02, 2014 at 2320 +0100, ianG appeared and said:
> Question for the assembled, on the experiences of the group so far:
> What proportion of effort has been spent on the question of
> configuration strings that set the algorithm possibilities?  E.g., the
> famous OpenSSL blah:blah:blah string.
>> Imagine that algorithm agility was banned.  No more choice!  How much
> resource would this free up?

I am not sure if this is buying you anything. You could reduce all choices
and reduce the whole IT landscape to a couple of building blocks with no
choices. This frees up a lot of resources until this infrastructure suffers
from a critical bug.

Besides you have to look for other choices anyway since algorithms age. AES
may be around for a while and your Best Choice™ right now, but people still
invent new algorithms. I don't think this is a waste of resources.


  )\._.,--....,'``.  fL  Let GNU/Linux work for you while you take a nap.
 /,   _.. \   _\  (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/
`._.-(,_..'--(,_..'`-.;.'  - System administration + Consulting + Teaching -
Got mail delivery problems?  http://web.luchs.at/information/blockedmail.php
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140503/f1d6b407/attachment.sig>

More information about the Ach mailing list