| ▲ | lxgr 3 hours ago |
| > 21 curated ciphers are available Why!? That sounds like approximately 20 too many. |
|
| ▲ | smalltorch 3 hours ago | parent | next [-] |
| The library is openssl and that comes with all these ciphers available. No other reason than because we can! I wish AES-GCM was available...but openssl can't do it on its own without further dependencies to parse the authentication correctly. Really this whole layer is complelty redundant actually. It's already E2EE without openssl via Tor. I like that it's encrypted before I hit the network pipe though. |
| |
| ▲ | inigyou an hour ago | parent | next [-] | | If a library doesn't do what you need, you need a different library, but this is impossible from a short bash script, so it's one of the tradeoffs of your design. | |
| ▲ | lxgr 2 hours ago | parent | prev [-] | | > No other reason than because we can! Then maybe your scientists should spend some time to stop and consider whether they should ;) But seriously, I'd just limit this to one option on the selection side, even if you continue supporting more than that at the protocol level for cryptographic agility. | | |
| ▲ | Bender 10 minutes ago | parent [-] | | I would rather avoid cipher fixation. Give me thousands of protocol/cipher/mac modes. Fixation only benefits nations wanting to crack something. |
|
|
|
| ▲ | Bender 11 minutes ago | parent | prev [-] |
| I think that's great. Cipher fixation is a vulnerability as the enemy knows what to attack. |
