[Swan-dev] Fwd: [Cryptography] on brute forcing 3DES to attack SIMs

Paul Wouters paul at nohats.ca
Fri Jan 2 17:05:40 EET 2015


On Thu, 1 Jan 2015, D. Hugh Redelmeier wrote:

> | From: Paul Wouters <paul at nohats.ca>
>
> | Should we think about removing 3des from the default proposal set?
>
> I don't (yet) see a security reason to do so.  That incidental comment
> in a blog post hardly justifies such a reaction.  Maybe my response to
> the crypto list will elicit a better explanation.
>
> There might be a performance reason to not use it, but that isn't so
> serious as to drop support.

I understand it's not broken yet. But 3DES was basically replaced by
AES_CBC which was replaced by AES_GCM. I'm not saying to remove support,
but I think for IKEv2 (not IKEv1) we should really consider removing
3des, md5 and sha1 from the default proposal set, and add aes_gcm and
sha2_256/sha2_512.

Paul
