[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Dec 16 17:39:43 UTC 2014
On Tue, Dec 16, 2014 at 06:28:03PM +0100, Hanno B?ck wrote:
> > However, where do we fit ChaCha20/Poly-1305? Again, not
> > hand-placement, but some extensible algorithm.
>
> How about this simpler criterion:
> AEAD always beats non-AEAD. GCM and poly1305 are both AEAD. Done with
> it.
That does not solve the problem of some folks wanting speed
(preferring AES128 over AES256), and others safety (converse).
> (this doesn't answer whether chacha20-poly1305 or aes-gcm should be
> considered "better", but I don't know if there is a clear consensus on
> that)
Well, the "DEFAULT" and "ALL" cipherlists need to be sorted
consistently (DEFAULT Is subset of ALL in the same relative order),
so this question needs a default answer, if someone wants to tune
that by hand, the rope is there...
--
Viktor.
More information about the openssl-dev
mailing list