From owner-freebsd-security@FreeBSD.ORG Sun Sep 7 23:49:50 2014
Date: Sun, 7 Sep 2014 16:49:48 -0700
From: John-Mark Gurney
To: Paul Hoffman
Subject: Re: deprecating old ciphers from OpenCrypto...
Message-ID: <20140907234948.GZ82175@funkthat.com>
References: <20140905222559.GO82175@funkthat.com> <68CF8E05-735F-48D4-9030-A213C09C54F3@proper.com>
In-Reply-To: <68CF8E05-735F-48D4-9030-A213C09C54F3@proper.com>
Cc: freebsd-security@FreeBSD.org
List-Id: "Security issues [members-only posting]"

Paul Hoffman wrote this message on Sun, Sep 07, 2014 at 07:00 -0700:
> On Sep 5, 2014, at 3:25 PM, John-Mark Gurney wrote:
>
> > Skipjack: already removed by OpenBSD and recommended not for use by NIST
> > after 2010, key size is 80 bits
>
> Yes, nuke.
>
> > CAST: key size is 40 to 128 bits
>
> CAST-128 is not weak. Having said that, it is also not used much, and has
> minor (if any) value over AES-128. I can't tell from your message if you
> are leaving CAST >128 in; if so, you should leave CAST-128 in as well. If
> CAST-128 is the max in the module, you can either remove all of CAST or
> leave CAST-128 in, it doesn't matter.

True about CAST-128 not being weak... Our implementation maxes out at
128 bits, so I can't see a good reason to leave just 128-bit CAST in, so
I plan to remove CAST entirely...

Ahh, I just read a bit more on CAST. Our implementation is CAST-128, which
has a 64-bit block size. If we want to support CAST >128 bits, we'd need
to implement CAST-256, which is a different algorithm, as it uses a block
size of 128 bits...

Also, the other thing I forgot to include is that it'll be around three
years before the first release of FreeBSD that will be w/o these
algorithms, which is the reason why I'm planning now...

-- 
John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
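The message weighs two different properties of the ciphers being retired: key size (the Skipjack argument) and block size (the CAST-128 vs CAST-256 distinction). The script below is an added example, not code from this thread or from FreeBSD's OpenCrypto, that puts numbers on both: the cost of exhaustive key search and the amount of data one key can protect in a block mode before 64-bit-block birthday collisions become likely. The Skipjack and CAST-128 parameters are the ones stated in the thread; CAST-256 and AES-128 use their published parameters for comparison. The 112-bit key and 128-bit block thresholds are assumptions chosen for this example, not a FreeBSD policy.

```python
# Added example: not from the FreeBSD OpenCrypto tree or the mailing-list
# thread. Quantifies the two properties behind the deprecation discussion.

# Block size and maximum key size in bits. Skipjack and CAST-128 figures are
# the ones discussed in the thread; CAST-256 and AES-128 are their published
# parameters, included for comparison.
BLOCK_CIPHERS = {
    "Skipjack": {"block_bits": 64, "key_bits": 80},
    "CAST-128": {"block_bits": 64, "key_bits": 128},
    "CAST-256": {"block_bits": 128, "key_bits": 256},
    "AES-128": {"block_bits": 128, "key_bits": 128},
}

# Policy thresholds are assumptions for this example, not FreeBSD policy:
# at least 112 bits of key, and a 128-bit block so that birthday collisions
# in modes like CBC or CTR stay out of reach for realistic data volumes.
MIN_KEY_BITS = 112
MIN_BLOCK_BITS = 128


def birthday_limit_bytes(block_bits: int) -> int:
    """Bytes that can be encrypted under one key in a block mode before a
    block collision becomes likely: about 2**(n/2) blocks of n/8 bytes."""
    return (1 << (block_bits // 2)) * (block_bits // 8)


def assess(name: str) -> dict:
    """Return the key-size and block-size verdict for one cipher."""
    params = BLOCK_CIPHERS[name]
    key_ok = params["key_bits"] >= MIN_KEY_BITS
    block_ok = params["block_bits"] >= MIN_BLOCK_BITS
    return {
        "cipher": name,
        # log2 of the work factor for exhaustive key search
        "key_search_log2": params["key_bits"],
        "birthday_limit_gib": birthday_limit_bytes(params["block_bits"]) / 2**30,
        "key_ok": key_ok,
        "block_ok": block_ok,
        "verdict": "keep" if key_ok and block_ok else "remove",
    }


def deprecation_report() -> dict:
    """Assess every cipher in the table."""
    return {name: assess(name) for name in BLOCK_CIPHERS}


if __name__ == "__main__":
    for name, r in deprecation_report().items():
        print(f"{name:9s} key search=2^{r['key_search_log2']:<3} "
              f"birthday limit={r['birthday_limit_gib']:.3g} GiB "
              f"-> {r['verdict']}")
```

The point the output makes concrete is the one the message arrives at: CAST-128 passes on key size but, like Skipjack, caps a single key at roughly 32 GiB of ciphertext because of its 64-bit block, whereas CAST-256 and AES share a 128-bit block and are not comparable on that axis.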