available crypto policies

Tomas Mraz tmraz at redhat.com
Wed Jun 4 14:56:42 UTC 2014


On St, 2014-06-04 at 16:15 +0200, Till Maas wrote:
> On Thu, Mar 27, 2014 at 12:13:33PM +0100, Nikos Mavrogiannopoulos wrote:
> 
> > =====FUTURE======
> > A level that will provide security on a conservative level that is
> > believed to withstand any near-term future attacks. That will be
> > a 128-bit security level, without including protocols with known
> > attacks available (e.g. SSL 3.0/TLS 1.0). This level may prevent
> > communication with commonly used systems that provide weaker security
> > levels (e.g., systems that use SHA-1 as signature algorithm).
> > 
> > MACs: SHA1+
>         ^^^^^
> > Curves: All supported
> > Signature algorithms: must use SHA-256 hash or better
> > Ciphers: AES-GCM, AES-CBC, CAMELLIA-GCM, CAMELLIA-CBC
> > Key exchange: ECDHE, RSA, DHE
> > DH params size: 2048+
> > RSA params size: 2048+
> > SSL Protocols: TLS1.1+
> 
> Why is SHA1+ allowed as MAC here?

SHA1 is at a 128-bit security level when used within HMAC for message
authentication. You cannot apply a birthday attack to message
authentication.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)
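As an added example (not code from this thread or from the policy tooling it discusses), the FUTURE level quoted above written out as a checker, so the MAC-versus-signature distinction Tomas describes can be exercised on constructed parameter sets; the dictionary keys (`protocol`, `mac`, `sig_hash`, `cipher`, `kx`, `dh_bits`, `rsa_bits`) are this example's own convention.

```python
# Added example, not from the thread: the FUTURE level as a checker.
# Hash strengths in output bits; HMAC's forgery bound is the tag/key size,
# not the 2^(n/2) birthday bound that matters for signatures.
HASH_BITS = {"SHA1": 160, "SHA256": 256, "SHA384": 384, "SHA512": 512}

FUTURE = {
    "min_tls": (1, 1),              # SSL Protocols: TLS1.1+
    "min_mac_hash": "SHA1",         # MACs: SHA1+ (HMAC use)
    "min_sig_hash": "SHA256",       # Signature algorithms: SHA-256 or better
    "ciphers": {"AES-GCM", "AES-CBC", "CAMELLIA-GCM", "CAMELLIA-CBC"},
    "kx": {"ECDHE", "RSA", "DHE"},
    "min_dh_bits": 2048,            # DH params size: 2048+
    "min_rsa_bits": 2048,           # RSA params size: 2048+
}

def norm(name):
    """'sha-256' -> 'SHA256' so both spellings used in the thread compare equal."""
    return name.upper().replace("-", "")

def hash_ok(name, minimum):
    bits = HASH_BITS.get(norm(name))
    return bits is not None and bits >= HASH_BITS[minimum]

def check_future(p):
    """Return the FUTURE-policy violations for one parameter set; [] means allowed."""
    v = []
    proto = p["protocol"].upper()
    if not proto.startswith("TLS") or \
            tuple(int(x) for x in proto[3:].split(".")) < FUTURE["min_tls"]:
        v.append(f"protocol {p['protocol']} below TLS1.1")
    if p.get("mac") and not hash_ok(p["mac"], FUTURE["min_mac_hash"]):
        v.append(f"MAC hash {p['mac']} below SHA1")
    if not hash_ok(p["sig_hash"], FUTURE["min_sig_hash"]):
        v.append(f"signature hash {p['sig_hash']} below SHA-256")
    if p["cipher"] not in FUTURE["ciphers"]:
        v.append(f"cipher {p['cipher']} not allowed")
    if p["kx"] not in FUTURE["kx"]:
        v.append(f"key exchange {p['kx']} not allowed")
    if p["kx"] == "DHE" and p.get("dh_bits", 0) < FUTURE["min_dh_bits"]:
        v.append("DH params below 2048 bits")
    if "rsa_bits" in p and p["rsa_bits"] < FUTURE["min_rsa_bits"]:
        v.append("RSA key below 2048 bits")
    return v

if __name__ == "__main__":
    # Constructed sample: HMAC-SHA1 as the record MAC passes, SHA-1 in the
    # certificate signature does not.
    ok = {"protocol": "TLS1.2", "mac": "SHA1", "sig_hash": "SHA-256",
          "cipher": "AES-GCM", "kx": "ECDHE", "rsa_bits": 2048}
    print(check_future(ok))                         # []
    print(check_future(dict(ok, sig_hash="SHA1")))  # ['signature hash SHA1 below SHA-256']
```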