1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [pycrypto] RSA exportKey question
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20RSA%20exportKey%20question&In-Reply-To=%3C51D6B5CD.9030107%40gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000675.html">
<LINK REL="Next" HREF="000677.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[pycrypto] RSA exportKey question</H1>
<B>Yaron Sheffer</B>
<A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20RSA%20exportKey%20question&In-Reply-To=%3C51D6B5CD.9030107%40gmail.com%3E"
TITLE="[pycrypto] RSA exportKey question">yaronf.ietf at gmail.com
</A><BR>
<I>Fri Jul 5 05:02:21 PDT 2013</I>
<P><UL>
<LI>Previous message: <A HREF="000675.html">[pycrypto] RSA exportKey question
</A></li>
<LI>Next message: <A HREF="000677.html">[pycrypto] RSA exportKey question
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#676">[ date ]</a>
<a href="thread.html#676">[ thread ]</a>
<a href="subject.html#676">[ subject ]</a>
<a href="author.html#676">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Actually-not-so-old meaning more than 10 years? (See "Changes between
0.9.6h and 0.9.7 [31 Dec 2002]" under
<A HREF="http://www.openssl.org/news/changelog.html.">http://www.openssl.org/news/changelog.html.</A> Or is Python OpenSSL support
so much behind mainline OpenSSL?
Thanks,
Yaron
On 2013-07-05 13:10, Legrandin wrote:
><i> Hi Paul,
</I>><i>
</I>><i> In the back of my mind, I was referring to practical purposes *in the
</I>><i> context of key wrapping*.
</I>><i> For key wrapping, you deal with very small payloads and the key is
</I>><i> salted: speed and birthdays paradox are not real concerns,
</I>><i> and the security marging 3DES (with 112 bits of ) is large enough.
</I>><i> I am suggesting to stick to "PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC" as
</I>><i> default PKCS#8 wrapping algorithm for export
</I>><i> because there are more chances the receiver (e.g. some
</I>><i> actually-not-so-old openssl versions) will be able to unwrap it.
</I>><i> If I had to pick a more future proof value (regardless of
</I>><i> compatibility) I would agree that AES is better, but only in
</I>><i> combination with scrypt as KDF.
</I>><i>
</I>><i> 2013/7/4 <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">Paul_Koning at dell.com</A>>:
</I>>><i>
</I>>><i> On Jul 3, 2013, at 5:26 PM, Legrandin wrote:
</I>>><i>
</I>>>><i> I find 3DES is as good as AES for most practical purposes.
</I>>><i>
</I>>><i> I'm curious what your metrics are for that conclusion.
</I>>><i>
</I>>><i> By way of comparison, the new draft for the RFC covering storage protocol security (successor to RFC 3723) switches from 3DES to AES for clearly stated reasons, one of which is the fact that 64 bit blocks and large quantities of data don't go well together. If you're dealing with small quantities of data, 3DES might still be good enough, but I still don't see an obvious reason to stick with a rather ancient cipher when a well-vetted replacement is available.
</I>>><i>
</I>>><i> paul
</I>>><i>
</I>>><i>
</I>>><i> _______________________________________________
</I>>><i> pycrypto mailing list
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>><i> _______________________________________________
</I>><i> pycrypto mailing list
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>><i>
</I></PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000675.html">[pycrypto] RSA exportKey question
</A></li>
<LI>Next message: <A HREF="000677.html">[pycrypto] RSA exportKey question
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#676">[ date ]</a>
<a href="thread.html#676">[ thread ]</a>
<a href="subject.html#676">[ subject ]</a>
<a href="author.html#676">[ author ]</a>
</LI>
</UL>
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>
|
