Date: Sun, 7 Sep 2014 07:00:55 -0700 From: Paul Hoffman <phoffman@proper.com> To: John-Mark Gurney <jmg@funkthat.com> Cc: freebsd-security@FreeBSD.org Subject: Re: deprecating old ciphers from OpenCrypto... Message-ID: <68CF8E05-735F-48D4-9030-A213C09C54F3@proper.com> In-Reply-To: <20140905222559.GO82175@funkthat.com> References: <20140905222559.GO82175@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sep 5, 2014, at 3:25 PM, John-Mark Gurney <jmg@funkthat.com> wrote: > Skipjack: already removed by OpenBSD and recommend not for use by NIST > after 2010, key size is 80 bits Yes, nuke. > CAST: key size is 40 to 128 bits CAST 128 is not weak. Having said that, it is also not used much, and = has minor (if any) value over AES-128. I can't tell from your message if = you are leaving CAST >128 in; if so, you should leave CAST 128 in as = well. If CAST 128 is the max in the module, you can either remove all of = CAST or leave CAST 128 in, it doesn't matter. --Paul Hoffman=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?68CF8E05-735F-48D4-9030-A213C09C54F3>