[Swan-dev] Fwd: [Cryptography] on brute forcing 3DES to attack SIMs

Muenz, Michael m.muenz at spam-fetish.org
Sat Jan 3 13:21:13 EET 2015


On 02.01.2015 at 16:05, Paul Wouters wrote:
> I understand it's not broken yet. But 3DES was basically replaced by
> AES_CBC which was replaced by AES_GCM. I'm not saying to remove support,
> but I think for IKEv2 (not IKEv1) we should really consider removing
> 3des, md5 and sha1 from the default proposal set, and add aes_gcm and
> sha2_256/sha2_512.

Never saw a device supporting IKEv2 but not AES/SHA, so I'd also remove
3DES and MD5 from the default proposal, except ASA5505 (near EoS) which
supports SHA2 only in P1 with IKEv2.

Michael

