On Mon, Oct 20, 2014 at 08:20:00PM -0400, David Leon Gil wrote:
> No one implemented AES-192 in hardware, so it got dropped in favor of
> AES-256. https://www.nsa.gov/ia/programs/suiteb_cryptography/
Indeed, my information was stale. So now we have a peculiar
"imbalance" in the Suite-B algorithms. The ECDH, ECDSA and Digest
for TOP SECRET all provide 192-bit security, but the bulk crypto
is AES-256.
> (And, while you marvel at the NSA serving its homepage using TLS 1.2
> -- and a certain CDN -- note that "[t]he connection is encrypted using
> AES_256_CBC[.]")
Well, that's to be expected, there are no TLS code points for AES-192.
So given that AES-192 lost the popularity contest to AES-256, perhaps
you can skip it after all.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
