On Wed, Aug 29, 2012 at 07:49:03PM +0100, Kevin Chadwick wrote: > On Wed, 29 Aug 2012 14:40:13 -0400 > Ted Unangst wrote: > > > Seconded. Was going to ask myself. > > > > > I would have thought AES-128 was more obsolete than blowfish? Speed? > > > > > > > ? How can the current standard be obsolete? > > Blowfish is strong. I'm sure I read advice to move to AES-256 where > possible. > > I don't disagree with using AES-128 as default on a possibly busy mail > server. I was just wondering why the word obsolete was used and if it > was simply because twofish and AES are faster. >
I also tilted on obsolete but AES-128 is indeed a better choice, if only because it is the standart. My first version of the diff had AES-128 by default, but since both were known to be strong and Blowfish was faster I switched for my tests and I left it as is. The right choice is still AES-128, if someone wants blowfish, twofish or any other cipher they can just override the configuration: queue encryption key foobar cipher bf-cbc -- Gilles Chehade https://www.poolp.org @poolpOrg