Re: AES128 or AES256 by default?

From: Paul Querna
Subject: Re: AES128 or AES256 by default?
Date: Thu, 15 May 2008 09:12:50 -0700

On Thu, May 15, 2008 at 2:34 AM, Simon Josefsson <address@hidden> wrote:
There is a debian bug:

Which asks that we make AES-256 the default preferred cipher.  Right now
AES-128 is the default preferred cipher.  Of course, today AES-256 is
supported as well (it is the second preferred default cipher).

What do people think here?

Applications can expose a cipher priority configuration option -- just as mod_gnutls does -- and then you could configure dovecot to default to AES-256.

I don't believe the concerns expressed in the debian bug should be a reason to have libgnutls's default priorities changed.


I don't care strongly, but I find the arguments for AES-256 rather weak.
According to RFC 3766, to match a 256 bit symmetric key size, you need a
~15kb large RSA key or a ~500b large DSA key.  People don't use that
kind of public key sizes today as far as I know, as they become very
big.  The few who do should be able to tweak the GnuTLS cipher
preference accordingly.


Gnutls-devel mailing list
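The key-size argument in the message above can be checked numerically. The following is an added example, not code from the thread or from GnuTLS: it estimates the symmetric-equivalent strength of an RSA/DH modulus from the general number field sieve running-time estimate with the o(1) term dropped. That model is an assumption and is rougher than the one in RFC 3766, and all function names are hypothetical.

```python
import math

# Assumption: GNFS work ~ exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), o(1) dropped.
GNFS_C = (64 / 9) ** (1 / 3)  # about 1.923


def rsa_strength_bits(modulus_bits: int) -> float:
    """Rough symmetric-equivalent strength (log2 of GNFS work) of a modulus."""
    ln_n = modulus_bits * math.log(2)
    work_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def modulus_bits_for(strength_bits: float) -> int:
    """Smallest modulus size whose estimated strength reaches the target."""
    lo, hi = 512, 1 << 17  # the estimate is increasing, so bisection works
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= strength_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def effective_strength(cipher_key_bits: int, rsa_modulus_bits: int) -> float:
    """A session is no stronger than the weaker of cipher and public key."""
    return min(float(cipher_key_bits), rsa_strength_bits(rsa_modulus_bits))


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(f"RSA-{bits}: ~{rsa_strength_bits(bits):.0f} bits; "
              f"with AES-128 {effective_strength(128, bits):.0f}, "
              f"with AES-256 {effective_strength(256, bits):.0f}")
    for target in (128, 256):
        print(f"{target}-bit cipher needs ~{modulus_bits_for(target)}-bit modulus")
```

Under this estimate a 2048-bit RSA key caps the session below 128 bits, so preferring AES-256 over AES-128 changes nothing until the public key grows to well over ten thousand bits.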
