[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites
Moonchild via RT
rt at openssl.org
Thu Feb 4 11:06:53 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 04/02/2016 11:18, Nich Ramsey via RT wrote:
> Moonchild: what advantages does Camellia have over AES? Sincerely asking
> since I'm not familiar.
It's comparable to AES in terms of how it can theoretically be broken with
algebra, as well as its processing capabilities, but as far as I know there
are no known successful attacks that weaken it, and the closest anyone has
come to attacking it has been against a reduced/non-full version of the
128-bit strength cipher that still required 2^116 encryptions and the same
amount of plaintexts. The full one has never budged. That alone would make
it a very desirable cipher.
Unless, of course, you have a personal grudge against ciphers not coming
from American soil (it's a Japanese-origin cipher).
See also my rationale in my original post on this topic about international
diversity with strong, modern encryption. Camellia is widely-adopted in a
whole range of security applications.
There are plenty of RFCs about Camellia, but in this context most notably
RFC6367 proposing exactly this for inclusion in TLS with GCM.
RFC5932 is a standards document describing Camellia in TLS as a whole.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
iF4EAREIAAYFAlazMLsACgkQEguw022l8qy+KwD9H3Rm0qaXxcts49jvKuL54frb
rzpF/WlvtiMlYDNXgEUA/1k9HjoEbLp9THY3nrHZ4Rx0wXcgT0O4b/817Cr+3iJM
=JoAw
-----END PGP SIGNATURE-----
More information about the openssl-dev
mailing list