deprecating old ciphers from OpenCrypto...
Paul Hoffman
phoffman at proper.com
Sun Sep 7 14:01:06 UTC 2014
On Sep 5, 2014, at 3:25 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
> Skipjack: already removed by OpenBSD and recommend not for use by NIST
> after 2010, key size is 80 bits
Yes, nuke.
> CAST: key size is 40 to 128 bits
CAST 128 is not weak. Having said that, it is also not used much, and has minor (if any) value over AES-128. I can't tell from your message if you are leaving CAST >128 in; if so, you should leave CAST 128 in as well. If CAST 128 is the max in the module, you can either remove all of CAST or leave CAST 128 in, it doesn't matter.
--Paul Hoffman
More information about the freebsd-security
mailing list