On Thu, Nov 5, 2015 at 8:17 PM, Zain Wang <zain.wang@xxxxxxxxxxxxxx> wrote: > The names registered are: > ecb(aes) cbc(aes) ecb(des) cbc(des) ecb(des3_ede) cbc(des3_ede) > You can alloc tags above in your case. Why on Earth are you allowing DES? Here's a reference from around the turn of the century on why the FreeS/WAN project refused to implement it then: http://www.freeswan.org/freeswan_trees/freeswan-1.97/doc/politics.html#desnotsecure In 1998 a $200,000-odd purpose-built machine using FPGAs could break DES in a few days. Morre's Law applies; my guess would be that today you could break it in hours for well under $10,000 using either GPUs or Intel's Xeon Phi. Even if you have to implement DES because you need it as a component for 3DES and some standards still require 3DES, single DES should not be exposed in the user interface. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
