On Wed, Aug 29, 2012 at 07:49:03PM +0100, Kevin Chadwick wrote:
> On Wed, 29 Aug 2012 14:40:13 -0400
> Ted Unangst wrote:
>
> > Seconded. Was going to ask myself.
> >
> > > I would have thought AES-128 was more obsolete than blowfish? Speed?
> > >
> >
> > ? How can the current standard be obsolete?
>
> Blowfish is strong. I'm sure I read advice to move to AES-256 where
> possible.
>
> I don't disagree with using AES-128 as default on a possibly busy mail
> server. I was just wondering why the word obsolete was used and if it
> was simply because twofish and AES are faster.
>
I also tilted on obsolete but AES-128 is indeed a better choice, if only
because it is the standard.
My first version of the diff had AES-128 by default, but since both were
known to be strong and Blowfish was faster I switched for my tests and I
left it as is.
The right choice is still AES-128, if someone wants blowfish, twofish or
any other cipher they can just override the configuration:

    queue encryption key foobar cipher bf-cbc

--
Gilles Chehade
https://www.poolp.org @poolpOrg