[openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Hooman Fazaeli hoomanfazaeli at gmail.com
Sun Nov 15 10:29:34 UTC 2015


On 11/13/2015 5:10 PM, Emilia Käsper wrote:
> Hi all,
>
> We are considering removing from OpenSSL 1.1 known broken or outdated cryptographic primitives. As you may know the forks have already done this but I'd like to seek careful feedback for OpenSSL 
> first to ensure we won't be breaking any major applications.
>
> These algorithms are currently candidates for removal:
>
> CAST
> IDEA
> MDC2
> MD2 [ already disabled by default ]
> RC5 [ already disabled by default ]
> RIPEMD
> SEED
> WHIRLPOOL
> ALL BINARY ELLIPTIC CURVES
>
> My preference would be to remove these algorithms completely (as in, delete the code). Disabled-by-default code will either be re-enabled by distros (if there's widespread need for it - in which 
> case we might as well leave it in) or will be poorly tested and is likely to just silently rot and break. This code is bloat and maintentance burden for us - my hope is that much of this code is 
> effectively dead and can be removed.
>
> *Are you aware of any mainstream need to continue supporting these algorithms in OpenSSL 1.1?* Note that an older OpenSSL library or binary, or a standalone implementation or another crypto toolkit 
> can always be used to continue supporting a legacy standalone application, or to decrypt ciphertext from the distant past. I am looking for use cases that could cause e.g. interop breakage between 
> new and old peers, or major pain to distro end-users.
>
> These algorithms are obsolete but removing them doesn't look feasible:
>
> BLOWFISH - probably still in use though I don't know where exactly?
> MD4 - used in NTLM
> RC2 - used in PKCS#12
>
> *Did I miss anything from the list?*
>
> Cheers,
> Emilia
>
>
>
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Regarding that hardware accelerationand aes-ni is not yet common among
today desktops and mobile devices, rc5 is a very good choice in situations
where you need a reasonably secure and yet fast cipher(as 'openssl speed' shows,
rc5 is 2.5 times fasterthan aes-128 w/o aes-ni. We developa tunneling appthat uses
rc5 for LAN to gateway encryption).

So, pls. do no remove rc5.


-- 
Best regards
Hooman Fazaeli

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151115/529a7114/attachment.html>


More information about the openssl-users mailing list