Date: Sat, 6 Sep 2014 09:28:33 +0200 From: Carlo Strub <cs@FreeBSD.org> To: jmg@funkthat.com Cc: freebsd-security@FreeBSD.org Subject: Re: deprecating old ciphers from OpenCrypto... Message-ID: <1409988513.269561.213256043.136342.2@c-st.net> In-Reply-To: <20140905222559.GO82175@funkthat.com> References: <20140905222559.GO82175@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
06/09/2014 00:26 - John-Mark Gurney wrote: > As I've been working on OpenCrypto, I've noticed that we have some > ciphers that OpenBSD does not... As we haven't had a maintainer for > the code, no one has been evaluating which ciphers should be included... >=20 > I would like to document the following ciphers as depcreated in 11, and > remove them for 12: > Skipjack: already removed by OpenBSD and recommend not for use by NIST > after 2010, key size is 80 bits > CAST: key size is 40 to 128 bits >=20 > As you can see, both of these ciphers weak and we should not encourage > their use. Their removal from OpenCrypto will practically only remove > them from their use w/ IPSec. Most other systems are userland and will > use OpenSSL which is different. >=20 > It would be possible for parties that need support to make them a > module, but right now, if you compile in crypto into your kernel, you > get all of these ciphers... >=20 > Comments? >=20 > Thanks. >=20 > --=20 > John-Mark Gurney Voice: +1 415 225 5579 >=20 > "All that I will do, has been done, All that I have, has not." > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" >=20 Sounds reasonable.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1409988513.269561.213256043.136342.2>