Date: Sun, 7 Sep 2014 07:00:55 -0700 From: Paul Hoffman <phoffman@proper.com> To: John-Mark Gurney <jmg@funkthat.com> Cc: freebsd-security@FreeBSD.org Subject: Re: deprecating old ciphers from OpenCrypto... Message-ID: <68CF8E05-735F-48D4-9030-A213C09C54F3@proper.com> In-Reply-To: <20140905222559.GO82175@funkthat.com> References: <20140905222559.GO82175@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sep 5, 2014, at 3:25 PM, John-Mark Gurney <jmg@funkthat.com> wrote: > Skipjack: already removed by OpenBSD and recommend not for use by NIST > after 2010, key size is 80 bits Yes, nuke. > CAST: key size is 40 to 128 bits CAST 128 is not weak. Having said that, it is also not used much, and has minor (if any) value over AES-128. I can't tell from your message if you are leaving CAST >128 in; if so, you should leave CAST 128 in as well. If CAST 128 is the max in the module, you can either remove all of CAST or leave CAST 128 in, it doesn't matter. --Paul Hoffman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?68CF8E05-735F-48D4-9030-A213C09C54F3>