[Swan-dev] Fwd: [Cryptography] on brute forcing 3DES to attack SIMs

D. Hugh Redelmeier hugh at mimosa.com
Fri Jan 9 08:52:18 EET 2015


| From: Paul Wouters <paul at nohats.ca>

| On Fri, 2 Jan 2015, Paul Wouters wrote:
| 
| > I understand it's not broken yet. But 3DES was basically replaced by
| > AES_CBC, which was replaced by AES_GCM. I'm not saying to remove support,
| > but I think for IKEv2 (not IKEv1) we should really consider removing
| > 3des, md5 and sha1 from the default proposal set, and add aes_gcm and
| > sha2_256/sha2_512.
| 
| Oh, and probably change DH groups 2, 5 and 14 to something newer: at the
| very least drop DH2 (modp1024), but probably add group 18 (8192-bit MODP)
| and group 24 (2048-bit MODP Group with 256-bit Prime Order Subgroup).

I'm surprised that you are willing to drop ciphers, which are an
interop thing, and not drop crap from our config file, which is NOT
an interop thing.

If something is interop, all organizations that interop might be
affected.

If it is a config file change, that can be unilaterally handled.

Clearly changing interop things is a much bigger problem for users.
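To make the proposal-set discussion above concrete, here is an added audit script (not code from the thread, from libreswan, or from either poster) that checks a list of IKE proposals against the algorithms Paul names for removal: 3des, md5, sha1 and DH group 2 (modp1024). The "enc-integ;dh" proposal string format, the sample proposal lines and the `aead` detection rule are assumptions made for this example; the thread's own text says nothing about proposal syntax.

```python
"""Audit IKE proposal strings against the deprecations discussed in the thread.

Assumed proposal format (constructed for this example, not libreswan's parser):
    "<encryption>-<integrity>;<dh-group>"   e.g. "3des-sha1;modp1024"
    "<aead>;<dh-group>"                      e.g. "aes_gcm256;dh18"
"""
from dataclasses import dataclass

# Algorithm names taken from the thread: these are the ones proposed for removal
# from the IKEv2 defaults. Lower-case, exact-match sets.
WEAK_ENCRYPTION = {"3des", "3des_cbc"}
WEAK_INTEGRITY = {"md5", "sha1", "hmac_md5", "hmac_sha1"}
WEAK_DH_GROUPS = {"dh2", "modp1024"}  # DH group 2 is the 1024-bit MODP group

# AEAD ciphers carry their own integrity, so a missing integrity algorithm is
# acceptable for them (assumed naming convention for this example).
AEAD_PREFIXES = ("aes_gcm", "aes_ccm", "chacha20")


@dataclass
class Finding:
    proposal: str
    component: str  # "encryption", "integrity" or "dh"
    value: str
    reason: str


def parse_proposal(proposal: str):
    """Split "enc-integ;dh" into (enc, integ, dh); missing parts become ""."""
    algs, _, dh = proposal.strip().partition(";")
    parts = [p.strip().lower() for p in algs.split("-") if p.strip()]
    enc = parts[0] if parts else ""
    integ = parts[1] if len(parts) > 1 else ""
    return enc, integ, dh.strip().lower()


def audit_proposal(proposal: str):
    """Return the list of Findings for one proposal (empty list means clean)."""
    enc, integ, dh = parse_proposal(proposal)
    findings = []
    if enc in WEAK_ENCRYPTION:
        findings.append(Finding(proposal, "encryption", enc,
                                "3DES proposed for removal from IKEv2 defaults"))
    if integ in WEAK_INTEGRITY:
        findings.append(Finding(proposal, "integrity", integ,
                                "MD5/SHA1 proposed for removal from IKEv2 defaults"))
    elif not integ and not enc.startswith(AEAD_PREFIXES):
        # A non-AEAD cipher with no integrity algorithm is a malformed proposal.
        findings.append(Finding(proposal, "integrity", "",
                                "non-AEAD cipher without an integrity algorithm"))
    if dh in WEAK_DH_GROUPS:
        findings.append(Finding(proposal, "dh", dh,
                                "DH group 2 (modp1024) proposed for removal"))
    return findings


def audit_proposal_set(proposals):
    """Map each proposal to its findings so a whole default set can be reviewed."""
    return {p: audit_proposal(p) for p in proposals}


def count_weak(proposals) -> int:
    """Number of proposals in the set that have at least one finding."""
    return sum(1 for f in audit_proposal_set(proposals).values() if f)


# Constructed sample set: a legacy-style default beside replacements of the kind
# the thread suggests (aes_gcm, sha2_256/sha2_512, newer DH groups).
SAMPLE_PROPOSALS = [
    "3des-sha1;modp1024",          # everything the thread wants dropped
    "aes128-md5;modp1024",         # weak integrity and weak group
    "aes256-sha2_512;modp2048",    # acceptable classic proposal
    "aes_gcm256;dh18",             # AEAD with a newer group
    "aes256;modp2048",             # malformed: non-AEAD without integrity
]

if __name__ == "__main__":
    for proposal, findings in audit_proposal_set(SAMPLE_PROPOSALS).items():
        status = "OK  " if not findings else "WEAK"
        print(f"{status} {proposal}")
        for f in findings:
            print(f"       {f.component}={f.value!r}: {f.reason}")
    print(f"{count_weak(SAMPLE_PROPOSALS)} of {len(SAMPLE_PROPOSALS)} proposals flagged")
```

Running the script flags three of the five constructed proposals; the two clean ones are the AES-CBC/SHA2 proposal and the AES-GCM proposal, which is the direction the quoted message argues the IKEv2 defaults should move.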
