[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

David Durvaux david.durvaux at gmail.com
Thu May 15 20:35:47 CEST 2014


Mmmm...

Why get rid of longer keys?? Probably the people who should take care
of using AES128 instead of AES256 shouldn't stick to our document only.

On the other side, AES256 could be considered to be at least as secure as
AES128.  I don't see any reason to exclude it because it's safer...

For me we HAVE to exclude insecure algorithms but we SHOULD keep variations
of algorithms that are at least as secure as the minimal version we keep.

On top of that, it's also possible that some people exclude AES128 for some
reason, and offering a longer set of algorithms COULD in some cases increase
the compatibility.  That's probably not frequent but who knows...

So in short, I would keep AES256 and add AES196 ;).

Kr,

David


2014-05-13 21:04 GMT+02:00 ianG <iang at iang.org>:

> On 13/05/2014 19:31 pm, Aaron Zauner wrote:
> > Ok, I've come up with the following B cipherstring:
> >
> > ```
> > EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> > ```
> >
> > This works for all versions that I've tested (0.9.8+).
> >
> >
> > Another issue I'd like to discuss:
> >
> > There's still a thing that bothers me a bit, we're using AES256
> > everywhere, there are very few devices that will not support this,
> > which means that either:
> >
> >       - we can get rid of AES128 completely
> >       - we can get rid of AES256 completely
> >
> > I'd opt for the second option, we still have an A cipherstring that serves
> > only AES256, there's really no need to have it in our B cipherstring.
> > Even if quantum computers become a reality (which is unlikely for the
> > next decades - but don't believe me, hear it from Schneier [0]) AES128
> > provides around (2^128)/2 security (brute force in a quantum computer)
> > [1]. This would also shorten our cipherstring and as such make it
> > possible for use in software that has a restricted character limit for a
> > cipherstring option (such as OpenVPN).
> >
> > Any input on that? I don't think it does weaken our B recommendation -
> > it simplifies it.
>
>
> Yep, get rid of AES256.  Anyone who needs the difference shouldn't be
> here :)
>
> iang
>



-- 
David DURVAUX
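
Added example, not part of the mail above or of the Ach project's material: a Python audit that expands the quoted B cipherstring with the local OpenSSL build, groups the selected suites by key strength (the AES128 versus AES256 question in this thread) and checks that nothing excluded with `!` is still present. The helper names and the `FORBIDDEN` name fragments are assumptions of this example, and the output depends on the OpenSSL version Python is linked against.

```python
import ssl
from collections import defaultdict

# Cipherstring B exactly as quoted in the thread.
B_CIPHERSTRING = (
    "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:"
    "EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:"
    "+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:"
    "!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
)

# Assumed mapping from the "!" exclusions to fragments of OpenSSL suite names.
FORBIDDEN = ("RC4", "DES-CBC3", "MD5", "SEED", "IDEA", "NULL", "PSK",
             "DSS", "ECDSA", "EXP", "ADH-", "AECDH-")


def expand(cipherstring):
    """Return the suites the local OpenSSL selects for this cipherstring."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipherstring)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from the cipherstring,
    # so they are left out of the audit.
    return [s for s in ctx.get_ciphers() if s["protocol"] != "TLSv1.3"]


def audit(cipherstring):
    """Group selected suites by key strength and list excluded leftovers."""
    suites = expand(cipherstring)
    by_bits = defaultdict(list)
    for suite in suites:
        by_bits[suite["strength_bits"]].append(suite["name"])
    violations = [s["name"] for s in suites
                  if any(frag in s["name"] for frag in FORBIDDEN)]
    return {
        "length": len(cipherstring),  # relevant for length-limited options
        "total": len(suites),
        "by_bits": dict(by_bits),
        "violations": violations,
    }


if __name__ == "__main__":
    report = audit(B_CIPHERSTRING)
    print("linked against:", ssl.OPENSSL_VERSION)
    print("cipherstring length:", report["length"])
    for bits in sorted(report["by_bits"], reverse=True):
        names = report["by_bits"][bits]
        print(f"{bits}-bit suites ({len(names)}):", ", ".join(names))
    print("excluded families still present:", report["violations"] or "none")
```

The 256-bit group in the output is what a server would stop offering if AES256 and CAMELLIA256 were dropped from B; the 128-bit group is what would remain.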