On 12 February 2016 at 18:59, Short, Todd <[email protected]> wrote: > Hi, > > In OpenSSL 1.0.2, and 1.0.1i, 3DES-CBC’s bit-strength was changed from 168 > to 112, which makes sense. However, it is still considered a HIGH-strength > cipher. > > RC4 is listed as having a bit strength of MEDIUM, and is a 128-bit > strength cipher (kinda). > > This is a bit contradictory. According to the OpenSSL cipher > documentation, HIGH refers to 128-bit, or stronger, ciphers. > > Should 3DES ciphers be moved to the MEDIUM category? > > I tend to agree with moving it to the medium category, but not with the reasoning. eg. We could have XOR with a 256 bit key and I still wouldn't want it to be considered as High.
Rich.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
