On 11/13/2015 5:10 PM, Emilia K?sper wrote: > Hi all, > > We are considering removing from OpenSSL 1.1 known broken or outdated cryptographic primitives. As you may know the forks have already done this but I'd like to seek careful feedback for OpenSSL > first to ensure we won't be breaking any major applications. > > These algorithms are currently candidates for removal: > > CAST > IDEA > MDC2 > MD2 [ already disabled by default ] > RC5 [ already disabled by default ] > RIPEMD > SEED > WHIRLPOOL > ALL BINARY ELLIPTIC CURVES > > My preference would be to remove these algorithms completely (as in, delete the code). Disabled-by-default code will either be re-enabled by distros (if there's widespread need for it - in which > case we might as well leave it in) or will be poorly tested and is likely to just silently rot and break. This code is bloat and maintentance burden for us - my hope is that much of this code is > effectively dead and can be removed. > > *Are you aware of any mainstream need to continue supporting these algorithms in OpenSSL 1.1?* Note that an older OpenSSL library or binary, or a standalone implementation or another crypto toolkit > can always be used to continue supporting a legacy standalone application, or to decrypt ciphertext from the distant past. I am looking for use cases that could cause e.g. interop breakage between > new and old peers, or major pain to distro end-users. > > These algorithms are obsolete but removing them doesn't look feasible: > > BLOWFISH - probably still in use though I don't know where exactly? > MD4 - used in NTLM > RC2 - used in PKCS#12 > > *Did I miss anything from the list?* > > Cheers, > Emilia > > > > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users Regarding that hardware accelerationand aes-ni is not yet common among today desktops and mobile devices, rc5 is a very good choice in situations where you need a reasonably secure and yet fast cipher(as 'openssl speed' shows, rc5 is 2.5 times fasterthan aes-128 w/o aes-ni. We developa tunneling appthat uses rc5 for LAN to gateway encryption). So, pls. do no remove rc5. -- Best regards Hooman Fazaeli -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151115/529a7114/attachment.html>