As I've been working on OpenCrypto, I've noticed that we have some
ciphers that OpenBSD does not... As we haven't had a maintainer for
the code, no one has been evaluating which ciphers should be included...
I would like to document the following ciphers as depcreated in 11, and
remove them for 12:
Skipjack: already removed by OpenBSD and recommend not for use by NIST
after 2010, key size is 80 bits
CAST: key size is 40 to 128 bits
As you can see, both of these ciphers weak and we should not encourage
their use. Their removal from OpenCrypto will practically only remove
them from their use w/ IPSec. Most other systems are userland and will
use OpenSSL which is different.
It would be possible for parties that need support to make them a
module, but right now, if you compile in crypto into your kernel, you
get all of these ciphers...
Comments?
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
