On Saturday 09 Mar 2013 15:43:11 Ian Clarke wrote: > We've been running into an IllegalKeySizeExpeption with Tahrir, which > requires that anyone outside the US download the Java Cryptography > Extension - obviously this is unacceptable from a usability perspective. > > How does Freenet address this problem?
I assume you are trying to use 256-bit AES? Options: 1. Just use 128-bit crypto. This is 30%-40% faster than 256-bit, and should still provide adequate security, according to nextgens. 2. Use 256-bit crypto via the Bouncycastle lightweight API. This is not subject to keylength restrictions. Obviously you'll need to ship the jar. http://www.bouncycastle.org/documentation.html 3. Provide your own crypto libraries. src/freenet/crypt/ciphers/Rijndael*.java Complications: First, be careful with the key size of the various components, the limiting factor is usually not the symmetric crypto, see e.g. http://www.keylength.com/en/3/ Second, use AES, i.e. 128-bit block size. 256-bit block size is used in Freenet at the moment and this complicates matters considerably; until Eleriseth's recent changes it was dramatically slower than using the standard 128-bit block size.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
