[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes
Kurt Roeckx
kurt at roeckx.be
Tue Dec 16 19:37:42 UTC 2014
On Tue, Dec 16, 2014 at 12:23:36PM -0600, Nico Williams wrote:
> On Tue, Dec 16, 2014 at 01:04:17PM -0500, Salz, Rich wrote:
> > > Subtracting (in local configuration) algorithms from a keyword denoting all
> > > known-strong algorithms is hand-tuning, but not fragile hand-tuning.
> >
> > Three years ago RC4 was known-strong. Two years ago DES-CBC was
> > known-strong. Now we only have AES-GCM. At what point do we think
> > ChaCha/Poly is known-strong, and who gets to make that call? Dan?
> > Adam?
>
> Changing the internal relative strength weighings of these requires
> pushing out new code. Something that... happens all the time.
It's not because we make a release that everybody is going to
switch to it. Some people are still using 0.9.7.
Kurt
More information about the openssl-dev
mailing list