OpenSSL ciphers: Difference between revisions

From ThinkServer
m Added more info to cipher statements
m Corrected SEED capitalisation
 
(2 intermediate revisions by the same user not shown)
Line 8: Line 8:
|DES3||168 bits||-des3
|DES3||168 bits||-des3
|-
|-
|Seed||128 bits||-seed
|SEED||128 bits||-seed
|-
|-
|AES-128||128 bits||-aes128
|AES-128||128 bits||-aes128
Line 23: Line 23:
|}
|}


* DES is an old, very weak standard. It is not recommended to use DES unless you have a specific need to as all modern ciphers way surpass the security of DES, with modest compatibility. Disabled in most modern browsers.
== Infomation ==
* DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still susceptible to attack. It just takes longer to break. Treat the same as legacy DES.  
 
* Seed is an older, more obscure cipher that should only be used if you have a specific need.
* DES is an old, very weak standard. It was one of the original Export Ciphers that could easily be broken by the US Government. It is not recommended to use DES unless you have a specific need to as all modern ciphers surpass the security of DES, with modest compatibility. In this day and age, DES is easily broken in a modest amount of time. Disabled in most modern browsers.
* AES is currently the strongest security available, used by NSA for upto top secret documents. Modern processors can accelerate encryption/decryption with program support (OpenSSL will use acceleration). Using it at 256 bit will provide you with the best security.
* DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still considered susceptible to attack. Used in Payment Card EV terminals but it is being recommended to phase out this cipher.
* Camellia was a runner up behind AES. It is just as secure, although a little more obscure than AES. However, most browsers that support AES support Camellia too. Recently disabled in modern browsers.
* SEED is an older, more obscure cipher that originated in South Korea when export ciphers were considered too weak. There is little support for this outside South Korea and should only be used if you have a specific need.
* AES is currently the strongest security available, used by NSA for up to top secret information. Modern processors can accelerate encryption/decryption with hardware and program support (OpenSSL will use acceleration if the processor supports AES-NI extensions). 256-bit keys provide the best security.
* Camellia was a runner up behind AES. It is a strong cipher although a little more obscure than AES so expect less support. Although secure, it has recently been disabled in modern browsers.
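Review bot: The new section heading "== Infomation ==" is misspelled and should read "== Information ==". The reworded DES3 bullet also still says "DES run 3 times with a key whitener"; triple DES chains three DES operations under two or three keys and has no whitening step (key whitening is the DESX construction), so drop "with a key whitener" or describe the encrypt-decrypt-encrypt keying instead.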

Latest revision as of 01:12, 3 April 2023

This is a list of the ciphers that OpenSSL supports for encrypting the private key when generating an RSA key (openssl genrsa...).

Cipher          Bits        Switch
DES             56 bits     -des
DES3            168 bits    -des3
SEED            128 bits    -seed
AES-128         128 bits    -aes128
AES-192         192 bits    -aes192
AES-256         256 bits    -aes256
Camellia-128    128 bits    -camellia128
Camellia-192    192 bits    -camellia192
Camellia-256    256 bits    -camellia256

Information

  • DES is an old, very weak standard. It was one of the original Export Ciphers that could easily be broken by the US Government. Using DES is not recommended unless you have a specific need, as all modern ciphers surpass the security of DES, with modest compatibility. In this day and age, DES is easily broken in a modest amount of time. It is disabled in most modern browsers.
  • DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still considered susceptible to attack. It is used in Payment Card EV terminals, but phasing out this cipher is now recommended.
  • SEED is an older, more obscure cipher that originated in South Korea when export ciphers were considered too weak. There is little support for it outside South Korea, and it should only be used if you have a specific need.
  • AES is currently the strongest security available, used by NSA for up to top secret information. Modern processors can accelerate encryption/decryption with hardware and program support (OpenSSL will use acceleration if the processor supports AES-NI extensions). 256-bit keys provide the best security.
  • Camellia was a runner-up behind AES. It is a strong cipher, although a little more obscure than AES, so expect less support. Although secure, it has recently been disabled in modern browsers.
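
To check which of these ciphers protects an existing key file, the following added example (not part of the original wiki page) reads the DEK-Info header that traditional-format encrypted PEM keys carry and rates the cipher using the notes above. The function names and the sample files are constructed for illustration; newer OpenSSL releases may write an encrypted PKCS#8 container instead, which has no such header and is reported as pkcs8.

```shell
#!/usr/bin/env bash
# Added example: report the cipher protecting a passphrase-encrypted RSA key.

# Print the cipher named in DEK-Info, "pkcs8" for an encrypted PKCS#8
# container (cipher is inside the ASN.1, not a header), or "none".
pem_key_cipher() {
    awk '
        /^DEK-Info:/ { sub(/^DEK-Info:[ \t]*/, ""); sub(/,.*/, ""); print; found = 1; exit }
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { print "pkcs8"; found = 1; exit }
        END { if (!found) print "none" }
    ' "$1"
}

# Rate a DEK-Info cipher name following the notes on this page.
rate_cipher() {
    case "$1" in
        DES-CBC)                  echo "weak" ;;
        DES-EDE3-CBC)             echo "legacy" ;;
        SEED-CBC)                 echo "obscure" ;;
        AES-*-CBC|CAMELLIA-*-CBC) echo "strong" ;;
        none)                     echo "unencrypted" ;;
        *)                        echo "unknown" ;;  # e.g. pkcs8: inspect the ASN.1
    esac
}

# Constructed sample: realistic headers, placeholder body, not a real key.
make_sample() {  # $1 = output path, $2 = DEK-Info cipher name
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        "DEK-Info: $2,0123456789ABCDEF0123456789ABCDEF" '' \
        'Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=' \
        '-----END RSA PRIVATE KEY-----' > "$1"
}

# Print "<cipher> <rating>" for one key file.
audit_key() {
    local c
    c=$(pem_key_cipher "$1")
    echo "$c $(rate_cipher "$c")"
}

tmp=$(mktemp -d)
make_sample "$tmp/old.pem" DES-EDE3-CBC   # as written by -des3
make_sample "$tmp/new.pem" AES-256-CBC    # as written by -aes256
audit_key "$tmp/old.pem"
audit_key "$tmp/new.pem"
rm -rf "$tmp"
```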