On Tue, 2015-12-15 at 16:03 +0100, Larsen wrote: > > > > Furthermore, I think that we the upper bound should be > > > > something > > > > that > > > > the average IPFire box is able to handle. > > > I agree with that. Maybe 3072 bits is a good deal between speed > > > and > > > security, what do you think? > > > > That depends entirely on the hardware. We cannot know what people > > are > > using. That makes it rather complicated to decide. > > Is there a way to present the users a message and let them decide > which > length they want to use? Yes, the user has to decide this at some occasions. > > > > > > There seems to be a problem with the word "recommended". In the > > > patches > > > submitted, I recommended always the most strongest cipher. > > > However, > > > as > > > you said, some of them are simply one step too much. Should then > > > both > > > be > > > recommended? > > > > I am not sure. Can anyone come up with a more fitting expression? > > If we > > mark everything as "recommended" that is strong enough for now > > after > > our consideration, we will have most of them tagged with that word. > > In > > that case it would make more sense to mark the weak stuff as such > > to > > keep readability. Maybe that is the way to go. But does the average > > Joe > > know what is meant by "weak"? > > Joe should know enough that "weak" is normally not what is wanted. > Otherwise he should RTFM ;-) > > You could recommend the strongest cipher that would take an attacker > millions of years to break, but on the other hand force the hardware > to > burn its CPU, while another "not as strong as the recommended one" > cipher > would also take an attacker thousands of years, but not consume that > much > CPU. It is always about the tradeoffs. If we didn't have to do these we wouldn't have AES. We would only use OTP. > Would have to differentiate between "recommended for high performance > > CPU" and "recommended for your small box". So, that doesn't sound > good. That doesn't sound good at all because it is not really the case that there is such a big difference between the throughput of some of the algorithms. The right thing would be to upgrade the hardware and keep the strong security. > > Weak is weak for every kind of hardware. So +1 for "weak". If we have "weak". Should we have "broken", too? For example we have to support MD5. I wouldn't say that MD5 is weak. It is more than that. > > > Lars -Michael