Re: gnutls-3.0.9, PSK and SECURE256
From: Michael Weiser
Subject: Re: gnutls-3.0.9, PSK and SECURE256
Date: Sun, 18 Dec 2011 23:04:17 +0100
User-agent: Mutt/1.5.21 (2010-09-15)
Hi Nikos,
On Sun, Dec 18, 2011 at 07:25:08PM +0100, Nikos Mavrogiannopoulos wrote:
> > I don't want to debate the reason for removing AES128 from SECURE256.
> > Obviously the security level with SECURE128 is just as high (or low)
> > as before. Rather I wonder, why PSK isn't used in conjunction with
> > AES256?
> There is very little point to use SECURE256. This is really an insane
> security level that has to be supported by public keys of equivalent
> level (e.g. for DHE in your case) that are of a size that probably
> would make the handshake extremely slow.
> However, for the situation you describe the issue isn't AES-256 but the
> fact that the PSK ciphersuites (in rfc4279) are defined using SHA-1, which
> isn't available any more in the 256-bit security level.
Will this be the case for the foreseeable future or is something
better/more secure/fancier/faster already coming?
Should I contemplate moving away from PSK in favour of public key
authentication in order to get a stronger hashing algorithm?
BTW: My program currently ends up using ECDHE_PSK_AES_128_CBC_SHA256.
Isn't SHA256 actually SHA-2, not SHA-1?
--
Thanks,
Micha
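The practical check behind this exchange is to ask GnuTLS itself which ciphersuites a priority string leaves enabled, rather than reasoning about it from the keyword names. The script below is an added example, not code from the thread or from the GnuTLS project. It assumes a locally installed gnutls-cli, whose documented "-l --priority" option lists only the suites enabled by the given priority string; the PSK key exchanges are added explicitly with "+PSK:+DHE-PSK:+ECDHE-PSK", on the assumption (not stated in the thread) that the original poster's priority string also enabled them alongside SECURE256/SECURE128.

```shell
#!/bin/sh
# Added example (not from the thread or the GnuTLS project): ask gnutls-cli
# which TLS ciphersuites a GnuTLS priority string actually enables, so the
# effect of SECURE256 on PSK suites can be observed instead of guessed.
# Assumes gnutls-cli is installed.

# list_suites PRIORITY
#   Print one enabled ciphersuite name per line. gnutls-cli prints each
#   suite on a line that starts with its TLS_ name; other lines are headers.
list_suites() {
    gnutls-cli -l --priority "$1" | awk '/^TLS_/ { print $1 }'
}

# count_matching PRIORITY PATTERN
#   Number of enabled suites whose name contains the fixed string PATTERN.
#   grep -c exits 1 when the count is 0, so "|| true" keeps the printed
#   count usable under "set -e".
count_matching() {
    list_suites "$1" | grep -c -F -- "$2" || true
}

# psk_suites PRIORITY
#   PSK suites (plain PSK, DHE-PSK, ECDHE-PSK) that survive the cipher and
#   MAC restrictions of PRIORITY. The PSK key exchanges are requested
#   explicitly here; it is an assumption that the poster's own priority
#   string did the same.
psk_suites() {
    list_suites "$1:+PSK:+DHE-PSK:+ECDHE-PSK" | grep -F '_PSK_' || true
}

# Demo: compare the two security levels discussed in the thread.
if command -v gnutls-cli >/dev/null 2>&1; then
    for prio in SECURE256 SECURE128; do
        echo "== $prio =="
        echo "suites using SHA1:    $(count_matching "$prio" _SHA1)"
        echo "suites using AES-128: $(count_matching "$prio" _AES_128_)"
        echo "PSK suites enabled:"
        psk_suites "$prio" | sed 's/^/  /'
    done
else
    echo "gnutls-cli not found; install GnuTLS to run this check" >&2
fi
```

Run it on the machine whose GnuTLS build you care about: the list for SECURE256 should contain no suite with SHA1 or AES_128 in its name, which is exactly why the RFC 4279 SHA-1 PSK suites disappear at that level, while the same PSK key exchanges still yield suites at SECURE128. Which PSK suites remain at SECURE256 depends on the GnuTLS version, so read the printed list rather than assuming it is empty.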