OpenSSL ciphers
This is a list of the ciphers that OpenSSL supports to generate an RSA key. (openssl genrsa...)
| Cipher | Bits | Switch |
|---|---|---|
| DES | 56 bits | -des |
| DES3 | 168 bits | -des3 |
| Seed | 128 bits | -seed |
| AES-128 | 128 bits | -aes128 |
| AES-192 | 192 bits | -aes192 |
| AES-256 | 256 bits | -aes256 |
| Camellia-128 | 128 bits | -camellia128 |
| Camellia-192 | 192 bits | -camellia192 |
| Camellia-256 | 256 bits | -camellia256 |
- DES is an old, very weak standard. It is not recommended to use DES unless you have a specific need to as all modern ciphers way surpass the security of DES, with modest compatibility. Disabled in most modern browsers.
- DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still susceptible to attack. It just takes longer to break. Treat the same as legacy DES.
- Seed is an older, more obscure cipher that should only be used if you have a specific need.
- AES is currently the strongest security available, used by NSA for upto top secret documents. Modern processors can accelerate encryption/decryption with program support (OpenSSL will use acceleration). Using it at 256 bit will provide you with the best security.
- Camellia was a runner up behind AES. It is just as secure, although a little more obscure than AES. However, most browsers that support AES support Camellia too. Recently disabled in modern browsers.