[Cryptography] OpenSSL minimal "safe" configuration?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jan 11 18:19:48 EST 2016
Henry Baker <hbaker1 at pipeline.com> writes:

>I was trying to build OpenSSL with a minimal, "safe" configuration.
>
>By "safe", I mean using the latest/best algorithms, and *deleting* all the
>known-to-be-unsafe algorithms.
>
>However, I can't seem to build OpenSSL w/o DES, w/o MD5, etc.

MD5 is required for TLS before 1.2 (it uses a dual-hash, MD5 || SHA1), and DES
is required for 3DES. Getting rid of those will disable a whole pile of
crypto functionality.

>I'd also like to kill off the shorter versions -- e.g., AES-128.

So let me get this straight, AES-128 isn't safe enough for you, but OpenSSL
is?

Perhaps the first step in getting to your goal might be to buy a large roll of
tinfoil...
Peter :-).
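
An added illustration, not part of the original message and not OpenSSL's code, of the MD5 dependency the reply mentions: the TLS 1.0/1.1 PRF and the MD5 || SHA-1 handshake hash as specified in RFC 2246, written with Python's standard hmac and hashlib modules. The function names, secret and transcript bytes are constructed for the example.

```python
import hashlib
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash expansion (RFC 2246, section 5): HMAC chained over A(i)."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()        # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def split_secret(secret):
    """Split into S1/S2; for odd lengths the middle byte is shared."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(S1, ...) XOR P_SHA-1(S2, ...)."""
    s1, s2 = split_secret(secret)
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha1_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def handshake_hash(transcript):
    """The 36-byte MD5 || SHA-1 dual hash over the handshake messages."""
    return hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()


def finished_verify_data(master_secret, transcript, label=b"client finished"):
    """12-byte verify_data carried in the Finished message."""
    return tls10_prf(master_secret, label, handshake_hash(transcript), 12)


if __name__ == "__main__":
    master_secret = bytes(range(48))             # constructed, not a real key
    transcript = b"constructed handshake bytes"  # constructed sample input
    print(handshake_hash(transcript).hex())
    print(finished_verify_data(master_secret, transcript).hex())
```

Every key-derivation and Finished computation in these protocol versions goes through tls10_prf, so a build without MD5 cannot complete a handshake below TLS 1.2.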