[openssl-dev] 3DES is a HIGH-strength cipher?
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Feb 12 21:12:10 UTC 2016
> On Feb 12, 2016, at 3:52 PM, Short, Todd <tshort at akamai.com> wrote:
>
> So, if it’s “mandatory”, then it should be in the default set of ciphers, not necessarily the “HIGH” set.
>
> I’m selecting “HIGH” because I want 128-bit+ ciphers, not a cipher that has subsequently been found to be weaker than previously thought.

3DES was not found weaker than previously thought. It is as strong as it ever was,
with 168-bit keys that are subject to a meet-in-the-middle attack (at 2^56 memory cost)
that brings the brute force effort to a way unrealistic 112-bit attack.

The issue with 3DES is its performance (slower than AES, especially AESNI) and the short
block size (8 bytes vs. 16). It is a cipher that has stood the test of time quite
well. If you don't want 3DES, set your cipherlist to 'DEFAULT:!EXPORT:!LOW:!MEDIUM:!3DES'
--
Viktor.
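
One way to check what the cipherlist above expands to on a local OpenSSL build, as an added example that is not part of the original message. It uses Python's `ssl` module; the function names and the set of labels treated as 8-byte-block ciphers are assumptions of this example.

```python
import re
import ssl

# Cipherlist quoted in the message above.
PAGE_CIPHERLIST = "DEFAULT:!EXPORT:!LOW:!MEDIUM:!3DES"

# "Enc=" labels OpenSSL prints for ciphers with an 8-byte block
# (assumption of this example: only the labels listed here are checked).
SHORT_BLOCK_ENC = {"3DES", "DES", "IDEA", "RC2"}

ENC_FIELD = re.compile(r"Enc=([^\s(]+)\((\d+)\)")


def expand(cipher_string):
    """Return the suites the local OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string):
    """Split the expanded list into 8-byte-block suites and everything else."""
    short_block, other = [], []
    for suite in expand(cipher_string):
        match = ENC_FIELD.search(suite.get("description", ""))
        enc = match.group(1) if match else "unknown"
        row = (suite["name"], enc, suite["strength_bits"])
        (short_block if enc in SHORT_BLOCK_ENC else other).append(row)
    return short_block, other


if __name__ == "__main__":
    for label in ("HIGH", PAGE_CIPHERLIST):
        short_block, other = audit(label)
        print(f"{label}: {len(other)} suites with 16-byte blocks or stream "
              f"ciphers, {len(short_block)} with 8-byte blocks")
        for name, enc, bits in short_block:
            print(f"  8-byte block: {name} (Enc={enc}, {bits} bits)")
```

Whether `HIGH` still lists any 3DES suites depends on the OpenSSL version and build options, which is why the script prints both expansions side by side.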