I'm moving this to a fresh thread so that it will be unencumbered by the
other discussion that has strayed a bit. Even if one were to ignore
government agency interference, finding the best crypto choices is a
good topic, but it can easily get lost in the other discussion when some
people have written off the other topic. So let's try to keep this thread
solely on the technical topic of cryptographic quality.

On 10/10/2013 5:39 AM, Giles Coochey wrote:
> 1. Which Ciphers & Transforms should we now consider secure (pfsense
> provides quite a few cipher choices over some other off the shelf
> hardware.

I haven't yet seen anything conclusive. People have called into question
some or all of ECC, NSA's suggested Suite B, and so on. I put some links
in a previous message[1]. If anyone knows of some solid research showing
specific ciphers have been compromised, I'd love to see it so we can
inform users.

> 2. What hardware / software & configuration changes can we consider to
> improve RNG and ensure that should we increase the bit size of our
> encryption, reduce lifetimes of our SAs that we can still ensure we have
> enough entropy in the RNG on a device that is typically starved of
> traditional entropy sources.

We use the RNG from FreeBSD so that may be a better question for a
FreeBSD-specific forum or list. There may be people here that know;
however, you're more likely to get better feedback from FreeBSD directly.

Jim
1: http://lists.pfsense.org/pipermail/list/2013-October/004773.html
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
