* Gunnar Haslinger <[email protected]> [03/11/2015 23:00:16] wrote: > Could be a good decision or not, depending on how things come. > Maybe Camellia turns out to be broken earlier than AES. Then you have to > touch the systems you are not responsible for. So it's a 50:50 chance if > AES or Camellia gets broken earlier. If I have two ciphersuites enabled > the chance of having to change the configuration is doubled.
Haven't seen a lot of public cryptanalysis on CAMELLIA recently, nobody really cares about CAMELLIA, it's in the TLS spec. but besides that it's almost forgotten. > > Turn back time 2 years. > You probably would have enabled AES and RC4. No. RC4 was known to have _real_ weaknesses two years ago, not just academic cryptographer circle-jerk stuff. https://en.wikipedia.org/wiki/RC4#Security I think we're pretty well off with AES as it's been the prime target for block-cipher cryptanalysis for years. By now people in the crypto community are pretty certain that it won't break soon and it's also 'resistant' to quantum computers (Grover's algorithm would still reduce the security by about half - but we're nowhere near implementing that in even a simulated quantum computer). Aaron
signature.asc
Description: Digital signature
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
