On Fri, Feb 28, 2014 at 2:52 AM, Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> wrote: > On Thu, 2014-02-27 at 10:58 -0700, Andrew Lutomirski wrote: > >> >> - LEVEL-256 provides well under 256-bit security. >> - This is fine because no one actually needs 256-bit security. >> >> So *why on earth* would it make sense to implement this proposal? It >> sounds like we'd be offering options that (a) don't perform as >> advertised and (b) don't serve any purpose anyway. > > I don't really understand what you are arguing about. Are you > complaining that AES-256 doesn't offer the advertized 256-bit security, > or that a consistent security policy isn't required? I'm arguing that there is no sensible setting. If you want 256-bit security as your "consistent security policy", then either (a) you won't actually get 256-bit security or (b) you won't have any legal well-tested block ciphers at all. Saying that AES-256 is good enough is specious: if the administrator ask for "256-bit" security and if you assume that giving the administrator this kind of control makes sense in the first place, then you should interpret the administrator's request to mean, literally, 256 bits. In particular, reinterpreting the request to mean "256 bits would be nice, but 245 is okay, and maybe other numbers are okay too depending on whether related key attacks are relevant" is, IMO, a terrible idea. On Fri, Feb 28, 2014 at 2:59 AM, Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> wrote: > On Thu, 2014-02-27 at 10:37 -0800, Andrew Lutomirski wrote: >> In that case, why not give full control: >> allowed_ciphers = AES-192, AES-256, Salsa20/12, Salsa20/20 >> allowed_groups = modp >= 2048, P-256, Curve25519 >> allowed_hashes = SHA-3, ... >> allowed_modes = CTR, OCB, XTS, GCM >> allowed_macs = ... > > Because of two reasons: > 1. A typical administrator isn't a cryptographer. Most people cannot > distinguish noise from the algorithms that you mention above. > > 2. That proposal has to work with very different libraries that don't > provide the same level of access to their internals. Now you and smooge appear to want different things out of this proposal. smooge wants to comply with arcane governmental rules, which, for better or for worse, are probably fairly specific. In that case, just saying LEVEL=whatever will not solve the problem. What is the actual point of this proposal? What is it trying to accomplish? Why is whatever it's trying to accomplish something that Fedora should be interested in? --Andy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
