+1 for 3DES. And also prioritizing AES128 over AES256 in suite B for the same reason. This saves approx. 40% cpu cycles, and 128-bit security still has lots of reserve.
- Rainer Am 05.01.2014 um 16:55 schrieb Aaron Zauner <a...@azet.org>: > Hi Kurt, > > That is true, the issue being that some software and hardware platforms do > not support RSA keys above 2048bit as of now. > > I mean - I do not really have an issue with discussing to put 3DES in there. > We were a bit time restricted to do our research (i.e. we limited ourselves > to certain ciphers) and since this is still in draft stage we're able to > change things like that. > > Input from anyone else on the list? > > Thanks, > Aaron > > > On Sun, Jan 5, 2014 at 4:27 PM, Kurt Roeckx <k...@roeckx.be> wrote: > On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote: > > > > > 3DES isn't broken. > > Triple DES provides about 112bit security (We've a section on the topic in > > the Paper in the Keylenghts section). All ciphers that we > > recomend are at least at 128bit security. > > The document doesn't seem to say that it's trying to reach a 128 > bit security level over the whole chain. It seems to be happy > with 2048 bit RSA keys. They also provide 112 bit security. > > If you really want to go for 128 bit, you need to have the RSA > keys of at least something in the order of 3072 bit. If 2048 > is fine, 3DES is fine. > > > Kurt > > > _______________________________________________ > Ach mailing list > a...@lists.cert.at > http://lists.cert.at/cgi-bin/mailman/listinfo/ach -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto