> ALL BINARY ELLIPTIC CURVES

This one may be premature. I understand the TLS WG is moving against it.
However, I am aware of implementations of Shoup's ECIES, and they, in
turn, depend on OpenSSL. I don't know if the ECIES implementations rely
solely on prime fields or not, however.

> BLOWFISH - probably still in use though I don't know where exactly?

Linux password files and associated tools, like John the Ripper (JtR).

OpenSSL is a good toolkit for research purposes. But if research is not a
goal, then that's understandable. There are other crypto libraries that
include research as a goal.

Jeff

On Fri, Nov 13, 2015 at 8:40 AM, Emilia Käsper <emilia at openssl.org> wrote:
> Hi all,
>
> We are considering removing from OpenSSL 1.1 known broken or outdated
> cryptographic primitives. As you may know the forks have already done this
> but I'd like to seek careful feedback for OpenSSL first to ensure we won't
> be breaking any major applications.
>
> These algorithms are currently candidates for removal:
>
> CAST
> IDEA
> MDC2
> MD2 [ already disabled by default ]
> RC5 [ already disabled by default ]
> RIPEMD
> SEED
> WHIRLPOOL
> ALL BINARY ELLIPTIC CURVES
>
> My preference would be to remove these algorithms completely (as in, delete
> the code). Disabled-by-default code will either be re-enabled by distros (if
> there's widespread need for it - in which case we might as well leave it in)
> or will be poorly tested and is likely to just silently rot and break. This
> code is bloat and maintenance burden for us - my hope is that much of this
> code is effectively dead and can be removed.
>
> Are you aware of any mainstream need to continue supporting these algorithms
> in OpenSSL 1.1? Note that an older OpenSSL library or binary, or a
> standalone implementation or another crypto toolkit can always be used to
> continue supporting a legacy standalone application, or to decrypt
> ciphertext from the distant past. I am looking for use cases that could
> cause e.g. interop breakage between new and old peers, or major pain to
> distro end-users.
>
> These algorithms are obsolete but removing them doesn't look feasible:
>
> BLOWFISH - probably still in use though I don't know where exactly?
> MD4 - used in NTLM
> RC2 - used in PKCS#12
>
> Did I miss anything from the list?
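The "MD4 - used in NTLM" line is the clearest illustration of why a broken primitive can survive a cleanup like this: the Windows NT hash is plain MD4 over the UTF-16LE encoding of the password, with no salt and no iteration, and every tool that has to interoperate with NTLM (SMB, Kerberos RC4 keys, domain credential dumps) has to compute it. The following is an added example written for this page, not code from the thread, from OpenSSL or from Jeff; it carries its own MD4 (RFC 1320) precisely because `hashlib.new('md4')` only works when the linked OpenSSL still ships the algorithm, which is the question being debated above. The `matches_openssl_md4` helper and the sample password `"password"` are constructed for the example; the expected NT hash of `"password"` is the widely published value.

```python
"""Pure-Python MD4 (RFC 1320) and the NTLM 'NT hash' built on it.

Added example for this page: it shows (a) that NT hash = MD4(UTF-16LE(password)),
unsalted and uniterated, and (b) a way to check whether the OpenSSL behind
hashlib still exposes MD4 at all.
"""
import hashlib
import struct

_MASK = 0xFFFFFFFF


def _rotl(x: int, s: int) -> int:
    """32-bit left rotation."""
    return ((x << s) | (x >> (32 - s))) & _MASK


# The three round functions from RFC 1320. In _f, ~x is a negative Python int,
# but AND-ing it with the non-negative 32-bit z yields the correct 32-bit value.
def _f(x, y, z): return (x & y) | (~x & z)
def _g(x, y, z): return (x & y) | (x & z) | (y & z)
def _h(x, y, z): return x ^ y ^ z


# (round function, additive constant, message-word order, per-step shift amounts)
_ROUNDS = (
    (_f, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
    (_g, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
    (_h, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
)


def _compress(state, block: bytes):
    """Process one 64-byte block; returns the new [A, B, C, D] state."""
    X = struct.unpack('<16I', block)          # 16 little-endian message words
    a, b, c, d = state
    for func, k, order, shifts in _ROUNDS:
        for i in range(16):
            a = _rotl((a + func(b, c, d) + X[order[i]] + k) & _MASK, shifts[i % 4])
            # Rotate the registers so the next step updates what RFC 1320 calls D, then C, then B.
            a, b, c, d = d, a, b, c
    return [(s + v) & _MASK for s, v in zip(state, (a, b, c, d))]


def md4(data: bytes) -> bytes:
    """MD4 digest of `data` as 16 raw bytes."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    # Merkle-Damgard padding: 0x80, zeros to 56 mod 64, then 64-bit little-endian bit length.
    msg = data + b'\x80'
    msg += b'\x00' * ((56 - len(msg) % 64) % 64)
    msg += struct.pack('<Q', (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    for off in range(0, len(msg), 64):
        state = _compress(state, msg[off:off + 64])
    return struct.pack('<4I', *state)


def nt_hash(password: str) -> str:
    """NTLM NT hash: MD4 over the UTF-16LE password, no salt, hex-encoded."""
    return md4(password.encode('utf-16-le')).hex()


def matches_openssl_md4(data: bytes):
    """Cross-check against the OpenSSL-backed hashlib MD4.

    Returns True/False if hashlib can provide MD4, or None when the underlying
    OpenSSL build no longer exposes it (hashlib raises ValueError in that case).
    """
    try:
        theirs = hashlib.new('md4', data).digest()
    except ValueError:
        return None
    return theirs == md4(data)


if __name__ == '__main__':
    # Constructed sample input; the digest shown is the well-known NT hash of "password".
    print('MD4("")            =', md4(b'').hex())
    print('NT hash("password") =', nt_hash('password'))
    status = matches_openssl_md4(b'abc')
    print('hashlib MD4 available and consistent:',
          'not available in linked OpenSSL' if status is None else status)
```

Because the NT hash has no salt, two accounts with the same password produce identical hashes, and a single precomputed table serves every target, which is why NTLM keeps MD4 alive in every credential-auditing toolchain despite the algorithm itself being long broken. The `matches_openssl_md4` result also documents the practical effect of a removal like the one proposed: on an OpenSSL build without MD4, `hashlib.new('md4')` simply raises, and any tool that relied on it has to carry its own implementation, as this example does.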