> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Eugene Levy
> Sent: Sunday, February 20, 2000 4:45 PM
> To: [EMAIL PROTECTED]
> Subject: Adding new cipher suites to TLS with 256+ bit session keys.
>
>
> Does anyone know if any of the proposed TLS cipher suites will be added
> to openssl?
>
> I would really like to see a RSA+Blowfish+SHA1 cipher added with 256-448
> bit blowfish session keys. In fact I would be happy to have any decent
> TLS session symmetric cipher with 256 bit or higher key size.
As far as I know there's no official proposal for such a cipher suite.
So there's no need to add this to openssl.
> My boss has me working with ridiculously large 4096 bit RSA keys, and it
> seems meaningless unless I use a symmetric cipher with something larger
> than the standard 112/168 bit 3DES or 128 bit IDEA/RC4/RC2/... key sizes
> offered. I heard the RC4/RC5 can use arbitrary large key sizes. Is it
> possible to specify a 256 bit RC4/RC5 symmetric cipher for use in a TLS
> session? Keep in mind that both the clients and servers are my own
> custom apps, so I don't care about web browser compatibility.
4096 bit RSA and 256 bit symmetric keys... you must have very, very
mission critical data...
> Yes I know that even a 1024 bit RSA key and 128 bit symmetric cipher has
> no chance of being broken within the next 20 years.
You can add a few more 0 digits.
> (Gee, if a 1024 bit
> RSA key could be broken, a lot of us would be issuing our own Verisign/
> Thawte certificates with their cracked keys.) But my boss has asked me
> to use the largest practical key sizes I could for political/marketing
> reasons.
Okay. You said you don't have to care about web browser compatibility.
You can define your own cipher suite. All cipher suites whose first
byte is 0xFF are considered private and can be used for defining
local/experimental algorithms. Interoperability of such types is a
local matter.
That means you can define something like this:
CipherSuite TLS_RSA_4096_WITH_Blowfish_256_CBC_SHA = { 0xFF,0x01 };
Regards Rene
--
Rene G. Eberhard <[EMAIL PROTECTED]>
keyon
Herrenberg 35, CH-8640 Rapperswil, Switzerland
Phone +41 (0)55 220 71 63, Fax +41 (0)55 220 71 61
www.keyon.ch - applying security to your e-business
Get your WAP certificate for free: www.freecerts.com
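As an added example (not code from this thread, and not OpenSSL's own code), the script below parses the cipher_suites list out of a TLS ClientHello body and flags any suite in the private range Rene describes: a two-byte suite value whose first byte is 0xFF (RFC 2246, appendix A.5). Anyone running custom clients and servers with a locally defined suite can use a check like this on captured handshakes to confirm that only the intended suites are offered and that the private value does not leak to peers that cannot interoperate with it. The small suite table, the hypothetical private value { 0xFF, 0x01 } taken from Rene's reply, and the sample ClientHello are all constructed for this example.

```python
import struct

# Standard suite values from RFC 2246 / RFC 3268 (a small constructed subset for this example)
KNOWN_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

# Hypothetical private suite from the thread: { 0xFF, 0x01 } packed as one 16-bit value
LOCAL_BLOWFISH_SUITE = 0xFF01


def is_private_suite(code):
    """RFC 2246 A.5: suites whose first byte is 0xFF are private/experimental."""
    return (code >> 8) & 0xFF == 0xFF


def classify_suite(code):
    """Return 'private', the standard suite name, or 'unknown' for a 16-bit suite value."""
    if is_private_suite(code):
        return "private"
    return KNOWN_SUITES.get(code, "unknown")


def build_client_hello_body(suites, session_id=b""):
    """Build a minimal TLS 1.0 ClientHello body (constructed test input; no record or handshake header)."""
    body = b"\x03\x01" + bytes(32)                 # client_version 3.1 + 32-byte random (zeros here)
    body += bytes([len(session_id)]) + session_id  # session_id<0..32>
    suite_bytes = b"".join(struct.pack(">H", s) for s in suites)
    body += struct.pack(">H", len(suite_bytes)) + suite_bytes  # cipher_suites<2..2^16-1>
    body += b"\x01\x00"                            # compression_methods: one entry, null
    return body


def parse_client_hello_suites(body):
    """Extract the offered cipher suite values from a ClientHello body; raise ValueError if truncated."""
    off = 2 + 32                                   # skip client_version and random
    if len(body) < off + 1:
        raise ValueError("truncated ClientHello: missing session_id length")
    sid_len = body[off]
    off += 1 + sid_len
    if len(body) < off + 2:
        raise ValueError("truncated ClientHello: missing cipher_suites length")
    (suites_len,) = struct.unpack_from(">H", body, off)
    off += 2
    if suites_len % 2 != 0 or len(body) < off + suites_len:
        raise ValueError("truncated or malformed cipher_suites vector")
    return [struct.unpack_from(">H", body, off + i)[0] for i in range(0, suites_len, 2)]


def audit_client_hello(body):
    """Map every offered suite to its classification, in the client's preference order."""
    return [(code, classify_suite(code)) for code in parse_client_hello_suites(body)]


if __name__ == "__main__":
    # Constructed sample: the local Blowfish suite first, then two standard fallbacks
    sample = build_client_hello_body([LOCAL_BLOWFISH_SUITE, 0x0035, 0x000A])
    for code, label in audit_client_hello(sample):
        print("0x%04X  %s" % (code, label))
```

The audit deliberately keeps the client's ordering: in TLS the client lists suites in preference order, so a private suite offered first followed by a public fallback tells you what a non-cooperating server would negotiate instead.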
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]