Re: available crypto policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 27, 2014 at 12:13:33PM +0100, Nikos Mavrogiannopoulos wrote:

> =====FUTURE======
> A level that will provide security on a conservative level that is
> believed to withstand any near-term future attacks. That will be
> an 128-bit security level, without including protocols with known
> attacks available (e.g. SSL 3.0/TLS 1.0). This level may prevent
> communication with commonly used systems that provide weaker security
> levels (e.g., systems that use SHA-1 as signature algorithm).
> 
> MACs: SHA1+
        ^^^^^
> Curves: All supported
> Signature algorithms: must use SHA-256 hash or better
> Ciphers: AES-GCM, AES-CBC, CAMELLIA-GCM, CAMELLIA-CBC
> Key exchange: ECDHE, RSA, DHE
> DH params size: 2048+
> RSA params size: 2048+
> SSL Protocols: TLS1.1+

Why is SHA1+ allowed as MAC here?

Regards
TIll
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux