Paul Hoffman wrote this message on Sun, Sep 07, 2014 at 07:00 -0700:
> On Sep 5, 2014, at 3:25 PM, John-Mark Gurney <[email protected]> wrote:
> 
> > Skipjack: already removed by OpenBSD and recommended not for use by NIST
> >     after 2010, key size is 80 bits
> 
> Yes, nuke.
> 
> > CAST: key size is 40 to 128 bits
> 
> CAST 128 is not weak. Having said that, it is also not used much, and has 
> minor (if any) value over AES-128. I can't tell from your message if you are 
> leaving CAST >128 in; if so, you should leave CAST 128 in as well. If CAST 
> 128 is the max in the module, you can either remove all of CAST or leave CAST 
> 128 in, it doesn't matter.

True about the CAST 128 not being weak...  Our implementation maxes
out at 128bits, so I can't see a good reason to leave just 128bit CAST
in, so, I plan to remove CAST entirely...

Ahh, I just read a bit more on CAST, our implementation is CAST-128
which has a 64 bit block size, if we want to support CAST >128bit, we'd
need to implement CAST-256 which is a different algorithm, as it uses a
block size of 128bits...

Also, the other thing I forgot to include is that it'll be around three
years before the first release of FreeBSD that will be w/o these
algorithms, which is the reason why I'm planning now...

-- 
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."