06/09/2014 00:26 - John-Mark Gurney wrote: > As I've been working on OpenCrypto, I've noticed that we have some > ciphers that OpenBSD does not... As we haven't had a maintainer for > the code, no one has been evaluating which ciphers should be included... > > I would like to document the following ciphers as depcreated in 11, and > remove them for 12: > Skipjack: already removed by OpenBSD and recommend not for use by NIST > after 2010, key size is 80 bits > CAST: key size is 40 to 128 bits > > As you can see, both of these ciphers weak and we should not encourage > their use. Their removal from OpenCrypto will practically only remove > them from their use w/ IPSec. Most other systems are userland and will > use OpenSSL which is different. > > It would be possible for parties that need support to make them a > module, but right now, if you compile in crypto into your kernel, you > get all of these ciphers... > > Comments? > > Thanks. > > -- > John-Mark Gurney Voice: +1 415 225 5579 > > "All that I will do, has been done, All that I have, has not." > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "[email protected]" >
Sounds reasonable. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
