On 10/10/2013 15:04, Chris Bagnall wrote:
My understanding is that AES was championed by an agency which has received recent bad press. ;-)

What made you change from AES to Blowfish, and is there any evidence to suggest that Blowfish is more 'secure' than AES?
Blowfish was a contender to actually become AES, wasn't it?

I agree that I might see better performance with AES as it is supported in hardware by many chipsets, and when selected, all the contenders marked AES as second best (after their own submissions of course...). I'm not saying it is insecure, I'm just wary of the following:
1. AES was championed by that agency.
2. General comments heard: (a) "When GCHQ heard what that agency had done it was 'jaw dropping'", (b) the agency pro-actively steered the community towards insecure algorithms.
3. Blowfish only just missed out on AES; didn't it come 2nd or 3rd, or was that a related cipher?
4. I'm a complete novice, and I get the impression that most who choose a cipher do so either on a whim, or on someone else's say-so.
What about CAST128? 2.1 appears to support that. Is there any plan to support Twofish? Schneier said in 2007 he'd recommend that over Blowfish. Is there any mechanism to insert ciphers into pfSense that are not currently supported?
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list