Hi,
> Well the key sizes are fixed in the TLS/SSL standards. If you change
> them the server and client are broken and no longer compliant.
True. But just to test the proof of concept, it would be O.K.
> You could use an experimental ciphersuite number for a new ciphersuite
> which would then only interop with something that uses the same
> experimental number.
This was mentioned by Greg as the appropriate place for such experimental
ciphersuites. The exact approach to its execution is not clear to me
at this point though. :(
> AES (the Advanced Encryption Standard: a symmetric cipher) already
> supports key sizes of 192 and 256 bits and is supported in the
> development version of OpenSSL.
OH! I will look into this right away. It sounds as if it could
save me a heck of a lot of time. Any disadvantages to AES? Who is
developing it? Open source?
> However the question remains: why would you need anything larger than
> 128 bits?
I don't understand why this is a question. To me, it is obvious that if
a project is underway for such a standard (AES), there already exists a
need.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]