On Fri, Mar 28, 2014, Hubert Kario wrote:
> ----- Original Message -----
> > From: "Dr. Stephen Henson" <[email protected]>
> > To: [email protected]
> > Sent: Friday, 28 March, 2014 3:55:28 PM
> > Subject: Re: Insecure DEFAULT cipher set
> >
> > On Fri, Mar 28, 2014, Hubert Kario wrote:
> >
> > > Currently OpenSSL sorts ciphers according to key size first, then key
> > > exchange and finally the mac used.
> > >
> > > This does not result in a list sorted by strength (as the documentation
> > > would suggest). Ciphers using 3DES use a 168 bit key but because of meet
> > > in the middle attack, the effective cipher strength is 112 bit, see [NIST
> > > SP800-57] and [ENISA] for details.
> > >
> > To address this I'd suggest we just change the security bits for 3DES
> > ciphersuites to 112 bits in the SSL_CIPHER structure. The SSL_CIPHER
> > structure has separate fields for key length and security bits.
>
> Problem is that while 3DES provides about 112 bits of security, RC4 with
> 128bit keys is certainly weaker. So its security level should also be
> adjusted.
>
> Why do you want to change just this? What are the reasons for not making
> the default cipher set secure?
I wasn't suggesting just changing that. I was addressing that specific
point. I agree that the defaults should be made secure.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
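As an added check (my own example, not code from this thread or from OpenSSL), the script below parses cipher lines in the format printed by `openssl ciphers -v`, ranks them first by the nominal key size OpenSSL sorts on and then by the security bits actually credited, and reports which suites drop. The sample lines are constructed; 3DES is credited 112 bits as the thread states, and RC4 is ranked last because the thread calls it weaker than 3DES without giving a figure (an assumption of this example).

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v`; real
# suite names, but not the actual DEFAULT list of any OpenSSL release.
SAMPLE = """\
AES256-SHA     SSLv3 Kx=RSA Au=RSA Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA   SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA     SSLv3 Kx=RSA Au=RSA Enc=AES(128)  Mac=SHA1
RC4-SHA        SSLv3 Kx=RSA Au=RSA Enc=RC4(128)  Mac=SHA1
"""

LINE_RE = re.compile(r"^(\S+)\s+\S+\s+Kx=\S+\s+Au=\S+\s+Enc=([A-Za-z0-9]+)\((\d+)\)")

def effective_bits(enc, nominal):
    """Security bits actually credited to a cipher, not its key length."""
    if enc == "3DES":
        return 112          # meet-in-the-middle, per NIST SP800-57 / ENISA
    if enc == "RC4":
        return None         # assumption: rank last; the thread gives no figure
    return nominal

def parse_ciphers(text):
    """Turn `openssl ciphers -v` lines into dicts with nominal and effective bits."""
    ciphers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue        # skip blank or unrecognised lines
        name, enc, nominal = m.group(1), m.group(2), int(m.group(3))
        ciphers.append({"name": name, "enc": enc, "nominal": nominal,
                        "effective": effective_bits(enc, nominal)})
    return ciphers

def order_by_nominal(ciphers):
    """Strongest-first order using only the key size, as OpenSSL sorts."""
    return [c["name"] for c in sorted(ciphers, key=lambda c: -c["nominal"])]

def order_by_effective(ciphers):
    """Strongest-first order using credited security bits; unrated suites last."""
    key = lambda c: (c["effective"] is None, -(c["effective"] or 0))
    return [c["name"] for c in sorted(ciphers, key=key)]

def overrated(ciphers):
    """Suites that the key-size ordering places above a stronger suite."""
    nominal, effective = order_by_nominal(ciphers), order_by_effective(ciphers)
    return [n for n in nominal if nominal.index(n) < effective.index(n)]
```

Feeding it the real output of `openssl ciphers -v 'DEFAULT'` shows where a 168-bit 3DES suite is ranked above the 128-bit AES suites.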
