Re: [PATCH] Mark recommended ciphers/algorithms

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2482 bytes --]

On Tue, 2015-12-15 at 16:03 +0100, Larsen wrote:
> > > > Furthermore, I think that we the upper bound should be
> > > > something
> > > > that
> > > > the average IPFire box is able to handle.
> > > I agree with that. Maybe 3072 bits is a good deal between speed
> > > and
> > > security, what do you think?
> > 
> > That depends entirely on the hardware. We cannot know what people
> > are
> > using. That makes it rather complicated to decide.
> 
> Is there a way to present the users a message and let them decide
> which  
> length they want to use?

Yes, the user has to decide this at some occasions.

> 
> 
> 
> > > There seems to be a problem with the word "recommended". In the
> > > patches
> > > submitted, I recommended always the most strongest cipher.
> > > However,
> > > as
> > > you said, some of them are simply one step too much. Should then
> > > both
> > > be
> > > recommended?
> > 
> > I am not sure. Can anyone come up with a more fitting expression?
> > If we
> > mark everything as "recommended" that is strong enough for now
> > after
> > our consideration, we will have most of them tagged with that word.
> > In
> > that case it would make more sense to mark the weak stuff as such
> > to
> > keep readability. Maybe that is the way to go. But does the average
> > Joe
> > know what is meant by "weak"?
> 
> Joe should know enough that "weak" is normally not what is wanted.  
> Otherwise he should RTFM ;-)
> 
> You could recommend the strongest cipher that would take an attacker 
> millions of years to break, but on the other hand force the hardware
> to  
> burn its CPU, while another "not as strong as the recommended one"
> cipher  
> would also take an attacker thousands of years, but not consume that
> much  
> CPU.

It is always about the tradeoffs. If we didn't have to do these we
wouldn't have AES. We would only use OTP.

> Would have to differentiate between "recommended for high performance
>   
> CPU" and "recommended for your small box". So, that doesn't sound
> good.

That doesn't sound good at all because it is not really the case that
there is such a big difference between the throughput of some of the
algorithms. The right thing would be to upgrade the hardware and keep
the strong security.

> 
> Weak is weak for every kind of hardware. So +1 for "weak".

If we have "weak". Should we have "broken", too? For example we have to
support MD5. I wouldn't say that MD5 is weak. It is more than that.

> 
> 
> Lars

-Michael

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]