On 2013-10-11 00:39, Eugen Leitl wrote:
----- Forwarded message from Giles Coochey <[email protected]> -----
2. Cipher Selection - we're not all cryptanalysts, so statements like
'trust the math' don't always mean much to us, given the reports in
the media, what is considered a safe cypher? I recently switched from
AES-256 to Blowfish-256, hashing from SHA-1 to SHA-512 and pfs group 2
to pfs group 5, and I reduced my SA lifetimes from 28800 to 1800.
Could that be considered overkill? What ciphers are others using?
Have any of you, who have been made recently aware of the media
coverage recently, also changed your cipher selection? What kind of
changes did you make?

Overkill is a rational and appropriate response to recent revelations. NIST is actually out to get you, so you might as well put on a tinfoil hat to be on the safe side. Yes, there really is a gigantic government conspiracy, no kidding.

While I am pretty sure AES and SHA 256 are perfectly safe, in view of recent events, I would follow the lead of the highly competent cryptographer Jon Callas, http://www.mail-archive.com/[email protected]/msg10926.html, and use non-NIST algorithms:

Use Twofish in place of AES if convenient to do so, and Skein hash in place of SHA hash.

