"brian m. carlson" <sand...@crustytoothpaste.net> writes:

> In fact, I happen to know that the documentation for GnuTLS is wrong
> when it claims that "[t]here are no known weaknesses of" MD2. Such
> weaknesses have been known for quite some time; in fact, certain
> weaknesses in the compression function have been known longer than
> (AFAICT) GnuTLS has existed. And that's to say nothing about it being
> dog-slow (14 times slower than SHA-256).

You are right; I have updated the documentation:

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=962013fa4b5c1da7a39e5249e146e80f8ca6a7ed

> gnutls-cli(1). Looking at the source, RC4 is defined in SECURE256, and
> due to major weaknesses in its key scheduling (which can be used very
> effectively against e.g. WEP), I would absolutely not want to use it if
> any other choice were available. Had I not looked at the source, I
> would never have known this. I would certainly not class it as
> "secure".

I also feel uncomfortable including RC4 in the SECURE variants; we all
know that RC4 is not a secure cipher. Nikos, what do you think about
removing it?

> I think it's reasonable to allow OpenSSL-compatible ciphersuite names.
> In fact, I think it's a really good idea.

It would be nice to support this, but nobody appears to be working on
this right now.

I have also wanted to be able to just use the official TLS ciphersuite
name to choose an algorithm. For example, a priority string of
"TLS_DH_RSA_WITH_AES_256_CBC_SHA" means to enable all TLS versions, RSA,
AES-256, and SHA. Right now it is difficult to express this.

/Simon
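The translation Simon wishes for, as an added example that is not part of the thread and not GnuTLS code: it splits an official IANA ciphersuite name such as "TLS_DH_RSA_WITH_AES_256_CBC_SHA" into its key-exchange, cipher and MAC tokens, rebuilds a GnuTLS-style priority string from them, and refuses suites that use RC4, MD5, NULL or anonymous key exchange. The token-to-keyword mapping and the "NONE:+VERS-TLS-ALL:..." skeleton are assumptions modelled on GnuTLS priority-string syntax, not taken from the GnuTLS source.

```python
"""Turn IANA TLS ciphersuite names into GnuTLS-style priority strings.

Constructed example. The keyword mapping below is an assumption based on
GnuTLS priority-string syntax and is not a table from the GnuTLS source.
"""
import re
from typing import List, NamedTuple


class Suite(NamedTuple):
    kx: str      # key exchange / authentication token, e.g. "DHE_RSA"
    cipher: str  # bulk cipher token, e.g. "AES_256_CBC"
    mac: str     # MAC (or PRF hash for AEAD) token, e.g. "SHA"


# IANA names have the shape TLS_<kx>_WITH_<cipher>_<mac>.
_NAME_RE = re.compile(r"^TLS_(?P<kx>[A-Za-z0-9_]+)_WITH_(?P<rest>[A-Za-z0-9_]+)$")

# Assumed IANA-token -> GnuTLS-keyword mapping; unlisted tokens fall back
# to replacing "_" with "-" (e.g. "ECDHE_RSA" -> "ECDHE-RSA").
_KX = {"DH_anon": "ANON-DH", "ECDH_anon": "ANON-ECDH"}
_CIPHER = {"RC4_128": "ARCFOUR-128", "3DES_EDE_CBC": "3DES-CBC", "NULL": "NULL"}
_MAC = {"SHA": "SHA1", "SHA256": "SHA256", "SHA384": "SHA384", "MD5": "MD5"}


def parse_suite(name: str) -> Suite:
    """Split an IANA ciphersuite name into (kx, cipher, mac) tokens."""
    m = _NAME_RE.match(name)
    if not m:
        raise ValueError(f"not an IANA ciphersuite name: {name!r}")
    cipher, _, mac = m.group("rest").rpartition("_")  # last token is the MAC
    if not cipher:
        raise ValueError(f"missing cipher or MAC token in {name!r}")
    return Suite(m.group("kx"), cipher, mac)


def weak_reasons(s: Suite) -> List[str]:
    """Explain why a suite should not be offered (empty list = no objection)."""
    reasons = []
    if s.cipher.startswith("RC4"):
        reasons.append("RC4 stream cipher")
    if s.cipher == "NULL":
        reasons.append("NULL cipher (no confidentiality)")
    if s.kx.endswith("anon"):
        reasons.append("anonymous key exchange (no authentication)")
    if s.mac == "MD5":
        reasons.append("MD5 MAC")
    return reasons


def to_priority(name: str) -> str:
    """Build a GnuTLS-style priority string enabling exactly this suite."""
    s = parse_suite(name)
    if weak_reasons(s):
        raise ValueError(f"refusing {name}: " + ", ".join(weak_reasons(s)))
    kx = _KX.get(s.kx, s.kx.replace("_", "-"))
    cipher = _CIPHER.get(s.cipher, s.cipher.replace("_", "-"))
    mac = "AEAD" if s.cipher.endswith("GCM") else _MAC.get(s.mac, s.mac)
    return f"NONE:+VERS-TLS-ALL:+COMP-NULL:+SIGN-ALL:+{kx}:+{cipher}:+{mac}"
```

Because the refusal logic runs before any keyword mapping, a suite like TLS_RSA_WITH_RC4_128_SHA can never be turned into a priority string by accident, which is the behaviour the thread argues SECURE256 itself should have.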