On Wed, May 17, 2017 at 7:07 PM, Dmitry Eremin-Solenikov < [email protected]> wrote:
> On 18.05.2017 02:53, Bill Fischofer wrote:
> > Thanks, but permissions should allow comments if you want feedback.
>
> Permissions updated, thanks for pointing.
>
> > Handy summary tables. I assume we'll do the MUSTs. Do we plan to do the
> > SHOULDs as well?
>
> I think, linux-generic should support the following algorithms:
>
> Cipher:
>
> - AES-CBC (MUST)
> - AES-CTR (MAY)
> - 3DES-CBC (MAY)

3DES appears to be nearing end of life, especially with the recent sweet32 [1]
attacks, so this may be more of a "nice to have", though I see no harm in
including it for compatibility. I doubt if many new ODP applications would use
3DES in preference to AES at this point.

> Auth:
>
> - HMAC-SHA1 (MUST)
> - HMAC-SHA256/384/512 (optional)
> - HMAC-MD5 (unspecified, was MAY)

MD5 is already deprecated [2], and SHA-1 doesn't seem to have long to live
either [2]. Enough people still use SHA-1 that it seems we should support it,
but I think it is safe to drop MD5 support at this point.

> AEAD:
> - AES-GCM (SHOULD+)
>
> I especially do not plan at this point to implement AES-GMAC (it is a
> nice idea, but standard is really ugly).
>
> > On Wed, May 17, 2017 at 3:31 PM, Dmitry Eremin-Solenikov
> > <[email protected]> wrote:
> >
> >     Hello,
> >
> >     For the sake of keeping all data in a single place, I've gathered all
> >     crypto-related specs from RFCs in a single document.
> >
> >     https://docs.google.com/document/d/1AK74bG9hcJs562FYZ9QIeCVXktdjarQ8eTyrqPm2ttg/edit?usp=sharing
> >
> >     --
> >     With best wishes
> >     Dmitry
>
> --
> With best wishes
> Dmitry

[1] https://www.openssl.org/blog/blog/2016/08/24/sweet32/
[2] https://www.nsrl.nist.gov/collision.html
[3] http://csrc.nist.gov/groups/ST/hash/policy.html
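The birthday-bound reasoning behind the sweet32 remark above, as an added example that is not part of the thread: it quantifies how much data a 64-bit block cipher such as 3DES-CBC can encrypt under one key before ciphertext-block collisions become likely, compared with AES's 128-bit block. The rekey probability threshold of 2^-20 is an assumption of this example, not a figure from the discussion.

```python
import math

# Block sizes (bits) of the ciphers named in the thread.
BLOCK_BITS = {"3DES-CBC": 64, "AES-CBC": 128, "AES-CTR": 128, "AES-GCM": 128}


def collision_probability(block_bits: int, n_blocks: float) -> float:
    """Probability that at least two of n_blocks ciphertext blocks collide
    under one key, using the birthday approximation 1 - exp(-n^2 / 2N)
    with N = 2**block_bits. In CBC mode a collision leaks the XOR of two
    plaintext blocks, which is what Sweet32 exploits on 64-bit ciphers."""
    n_space = 2.0 ** block_bits
    return 1.0 - math.exp(-(n_blocks ** 2) / (2.0 * n_space))


def blocks_for_probability(block_bits: int, p: float) -> float:
    """Inverse of collision_probability: blocks after which the collision
    probability reaches p."""
    n_space = 2.0 ** block_bits
    return math.sqrt(-2.0 * n_space * math.log(1.0 - p))


def rekey_limit_bytes(cipher: str, p: float = 2.0 ** -20) -> float:
    """Bytes that may be encrypted under one key before the collision
    probability exceeds p. The default p = 2^-20 is an assumed conservative
    policy value, not a number from the thread."""
    bits = BLOCK_BITS[cipher]
    return blocks_for_probability(bits, p) * (bits // 8)


def ratio_aes_to_3des(p: float = 2.0 ** -20) -> float:
    """How many times more data AES-CBC may carry per key than 3DES-CBC
    at the same collision budget (the ln term cancels, so this is ~2^33)."""
    return rekey_limit_bytes("AES-CBC", p) / rekey_limit_bytes("3DES-CBC", p)


if __name__ == "__main__":
    for cipher in ("3DES-CBC", "AES-CBC"):
        gib = rekey_limit_bytes(cipher) / 2 ** 30
        print(f"{cipher}: rekey before ~{gib:.3g} GiB at p=2^-20")
    # 2^32 blocks (32 GiB) of 3DES-CBC under one key: ~39% chance of a collision
    print(f"P(collision | 3DES, 2^32 blocks) = {collision_probability(64, 2 ** 32):.3f}")
```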
