[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

ianG iang at iang.org
Tue May 13 21:04:43 CEST 2014


On 13/05/2014 19:31 pm, Aaron Zauner wrote:
> Ok, I've come up with the following B cipherstring:
> 
> ```
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ```
> 
> This works for all versions that I've tested (0.9.8+).
> 
> 
> Another issue I'd like to discuss:
> 
> There's still a thing that bothers me a bit: we're using AES256
> everywhere, there are very few devices that will not support this,
> which means that either:
> 
> 	- we can get rid of AES128 completely
> 	- we can get rid of AES256 completely
> 
> I'd opt for the second option, we still have an A cipherstring that serves
> only AES256, there's really no need to have it in our B cipherstring.
> Even if quantum computers become a reality (which is unlikely for the
> next decades - but don't believe me, hear it from Schneier [0]) AES128
> provides around (2^128)/2 security (brute force in a quantum computer)
> [1]. This would also shorten our cipherstring and as such make it
> possible for use in software that has a restricted character limit for a
> cipherstring option (such as OpenVPN).
> 
> Any input on that? I don't think it does weaken our B recommendation -
> it simplifies it.


Yep, get rid of AES256.  Anyone who needs the difference shouldn't be
here :)

iang



