[pfSense] Crypto/RNG Suggestions

Eugen Leitl eugen at leitl.org
Thu Oct 10 05:21:32 PDT 2013


----- Forwarded message from Jim Pingle <lists at pingle.org> -----

Date: Thu, 10 Oct 2013 08:19:40 -0400
From: Jim Pingle <lists at pingle.org>
To: pfSense support and discussion <list at lists.pfsense.org>
Subject: [pfSense] Crypto/RNG Suggestions
Message-ID: <52569B5C.5030804 at pingle.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
Reply-To: pfSense support and discussion <list at lists.pfsense.org>


I'm moving this to a fresh thread so that it will be unencumbered by the
other discussion that has strayed a bit. Even if one were to ignore
government agency interference, finding the best crypto choices is a
good topic, but it can easily get lost in the other discussion when some
people have written off the other topic. So let's try to keep this thread
solely on the technical topic of cryptographic quality.

On 10/10/2013 5:39 AM, Giles Coochey wrote:
> 1. Which Ciphers & Transforms should we now consider secure (pfsense
> provides quite a few cipher choices over some other off the shelf
> hardware.

I haven't yet seen anything conclusive. People have called into question
some or all of ECC, NSA's suggested Suite B, and so on. I put some links
in a previous message[1]. If anyone knows of some solid research showing
specific ciphers have been compromised, I'd love to see it so we can
inform users.

> 2. What hardware / software & configuration changes can we consider to
> improve RNG and ensure that should we increase the bit size of our
> encryption, reduce lifetimes of our SAs that we can still ensure we have
> enough entropy in the RNG on a device that is typically starved of
> traditional entropy sources.

We use the RNG from FreeBSD so that may be a better question for a
FreeBSD-specific forum or list. There may be people here that know;
however, you're more likely to get better feedback from FreeBSD directly.

Jim
1: http://lists.pfsense.org/pipermail/list/2013-October/004773.html
_______________________________________________
List mailing list
List at lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


