[CipherShed Devs] Cipher set enablement

jpyeron at ciphershed.org jpyeron at ciphershed.org
Sun Aug 3 21:28:26 CST 2014


(Starting a new thread, inspired by the old)

Many organizations have policies about which cryptographic functions may be used or not used. It might be worth while to support an option to "one-time" lock down the cipher suite. Java handles the one-time issue at each runtime, others handle it at install time.

The first example that comes to mind would be:

Security Policy  Comment
================ ====================================================================================
NONE             (no policy enforced, all cryptographic functions available)
DEFAULT          (The values the CipherShed team recommends)
FIPS_140         (e.g. http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/FIPS.html)
ISO_FR           (only support CRC32 and ROT13 
                   - http://www.theregister.co.uk/1999/01/15/france_to_end_severe_encryption/)
BRUCE_SCHNEIER   (the set of functions recommended by Bruce Schneier)
...

This would give a good mechanism for allowing users to set the security to their desired settings.


> -----Original Message-----
> From: Bill Cox
> Sent: Saturday, August 02, 2014 23:26
> Subject: Re: [CipherShed Devs] Dumb eliptic curve ideas
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 08/02/2014 09:11 PM, Kyle Marek wrote:
> > Well maybe we could include it in future suite of cryptographic 
> > ciphers as a feature. I'm sure there will be a lot of people happy
> > that their preferred ciphers are present. I know I'd prefer to have
> > different styles of ciphers layered on each other so when one has
> > an area of weakness, another can compensate. I'm always worrying
> > whether there's going to be some major zero-day flaw in whatever
> > cipher I choose when things make me choose *one* and *only one*
> > cipher.
> 
> Actually, Dan Bernstein's ChaCha cipher is a favorite among
> the geeks over on the Password Hashing Competition forum.  Blake2,
> derived from ChaCha, is a favorite fast hashing algorithm as well.
> When we get to the feature enhancement release, I'd like to revisit
> offering the best of Dan Bernstein's ciphers.


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



More information about the devs mailing list