Hi Nikos,

On Sun, Dec 18, 2011 at 07:25:08PM +0100, Nikos Mavrogiannopoulos wrote:
> > I don't want to debate the reason for removing AES128 from SECURE256.
> > Obviously the security level with SECURE128 is just as high (or low)
> > as before. Rather I wonder, why PSK isn't used in conjunction with
> > AES256?
>
> There is very little point to use SECURE256. This is really an insane
> security level that has to be supported by public keys of equivalent
> level (e.g. for DHE in your case) that are of a size that probably
> would make the handshake extremely slow.
>
> However, for the situation you describe the issue isn't AES-256 but the
> fact that the PSK ciphersuites (in rfc4279) are defined using SHA-1, which
> isn't available any more in the 256-bit security level.

Will this be the case for the foreseeable future or is something
better/more secure/fancier/faster already coming? Should I contemplate
moving away from PSK in favour of public key authentication in order to
get a stronger hashing algorithm?

BTW: My program currently ends up using ECDHE_PSK_AES_128_CBC_SHA256.
Isn't SHA256 actually SHA-2, not SHA-1?

-- 
Thanks,
Micha

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
