OpenSSL ciphers: Difference between revisions
m Added more info to cipher statements |
m Changed information to make more sense |
Line 23: | Line 23: | ||
|} | |} | ||
* DES is an old, very weak standard. It is not recommended to use DES unless you have a specific need to as all modern ciphers | == Infomation == | ||
* DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still susceptible to attack. | |||
* DES is an old, very weak standard. It was one of the original Export Ciphers that could easily be broken by the US Government. It is not recommended to use DES unless you have a specific need to as all modern ciphers surpass the security of DES, with modest compatibility. In this day and age, DES is easily broken in a modest amount of time. Disabled in most modern browsers. | |||
* DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still considered susceptible to attack. Used in Payment Card EV terminals but it is being recommended to phase out this cipher. | |||
* Seed is an older, more obscure cipher that should only be used if you have a specific need. | * Seed is an older, more obscure cipher that should only be used if you have a specific need. | ||
* AES is currently the strongest security available, used by NSA for | * AES is currently the strongest security available, used by NSA for up to top secret information. Modern processors can accelerate encryption/decryption with hardware and program support (OpenSSL will use acceleration). 256-bit keys provide the best security. | ||
* Camellia was a runner up behind AES. It is | * Camellia was a runner up behind AES. It is a strong cipher although a little more obscure than AES so expect less support. Although secure, it has recently been disabled in modern browsers. |
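Review bot: the added heading "== Infomation ==" is misspelled and should read "== Information ==". In the revised DES bullet, "unless you have a specific need to as all modern ciphers surpass the security of DES, with modest compatibility" runs two clauses together and leaves "modest compatibility" ambiguous; split it into two sentences and say what is compatible with what. In the DES3 bullet, "Payment Card EV terminals" needs either a source or a clearer term so readers can tell which terminals are meant.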
Revision as of 00:48, 13 October 2015
This is a list of the ciphers that OpenSSL supports for encrypting the private key when generating an RSA key (openssl genrsa...).
Cipher | Bits | Switch |
---|---|---|
DES | 56 bits | -des |
DES3 | 168 bits | -des3 |
Seed | 128 bits | -seed |
AES-128 | 128 bits | -aes128 |
AES-192 | 192 bits | -aes192 |
AES-256 | 256 bits | -aes256 |
Camellia-128 | 128 bits | -camellia128 |
Camellia-192 | 192 bits | -camellia192 |
Camellia-256 | 256 bits | -camellia256 |
Information
- DES is an old, very weak standard. It was one of the original export ciphers that could easily be broken by the US Government. Using DES is not recommended unless you have a specific need, as all modern ciphers surpass the security of DES, with modest compatibility. In this day and age, DES is easily broken in a modest amount of time. It is disabled in most modern browsers.
- DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still considered susceptible to attack. It is used in Payment Card EV terminals, but phasing out this cipher is being recommended.
- Seed is an older, more obscure cipher that should only be used if you have a specific need.
- AES is currently the strongest security available, used by the NSA for information up to top secret. Modern processors can accelerate encryption and decryption in hardware when the program supports it (OpenSSL will use acceleration). 256-bit keys provide the best security.
- Camellia was a runner-up behind AES. It is a strong cipher, although a little more obscure than AES, so expect less support. Although secure, it has recently been disabled in modern browsers.
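To check which of the ciphers above protects an existing key file, the following added example (not part of the original page or of OpenSSL) reads the DEK-Info header of a traditional-format PEM key and rates it against the notes above. The function names, the rating labels and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Rating labels are this example's own shorthand for the notes above.

# Print the cipher protecting a PEM private key: the DEK-Info cipher name for a
# traditional encrypted key, "pkcs8" for an ENCRYPTED PRIVATE KEY block (the
# cipher is then inside the ASN.1, not in a header), or "none" if unencrypted.
pem_cipher() {
  awk '
    /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { print "pkcs8"; found = 1; exit }
    /^DEK-Info:/ {
      sub(/^DEK-Info:[ \t]*/, ""); sub(/,.*$/, "")   # drop the label and the IV
      print; found = 1; exit
    }
    END { if (!found) print "none" }
  ' "$1"
}

# Map a DEK-Info cipher name to a rating based on the list above.
rate_cipher() {
  case "$1" in
    DES-CBC)                  echo "weak" ;;         # -des
    DES-EDE3-CBC)             echo "phase-out" ;;    # -des3
    SEED-CBC)                 echo "obscure" ;;      # -seed
    AES-*-CBC|CAMELLIA-*-CBC) echo "strong" ;;       # -aes* / -camellia*
    none)                     echo "unencrypted" ;;
    *)                        echo "unknown" ;;      # includes "pkcs8"
  esac
}

# Print "<cipher> <rating>" for one key file.
audit_key() {
  cipher=$(pem_cipher "$1")
  echo "$cipher $(rate_cipher "$cipher")"
}

# Constructed sample: header lines only, the body is a placeholder, not key material.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

(constructed placeholder body)
-----END RSA PRIVATE KEY-----
EOF
audit_key "$SAMPLE"
```

A key reported as "pkcs8" has to be inspected with OpenSSL itself, since that format does not name its cipher in a text header.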