[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Aaron Zauner azet at azet.org
Tue May 13 20:31:48 CEST 2014


Ok, I've come up with the following B cipherstring:

```
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
``

This works for all versions that I've tested (0.9.8+).


Another issue I'd like to discuss:

There's still a thing that bothers me a bit, we're using AES256
everywhere, there are very little devices that will not support this,
which means that either:

	- we can get rid of AES128 completely
	- we can get rid of AES256 completely

I'd opt for the second option, we sill have a A cipherstring that serves
only AES256, there's really no need to have it in our B cipherstring.
Even if quantum computers become a reality (which is unlikely for the
next decades - but don't believe me, hear it from schneier [0]) AES128
provides around (2^128)/2 security (brute force in a quantum computer)
[1]. This would also shorten our cipherstring and as such make it
possible for use in software that has a restricted character limit for a
cipherstring option (such as OpenVPN).

Any input on that? I don't think it does weaken our B recommendation -
it simplifies it.


Aaron

[0] https://www.youtube.com/watch?v=hSFgHVTWq0w#t=2638
[1]
http://pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140513/981ec6e8/attachment.sig>


More information about the Ach mailing list