OpenSSL ciphers
This is a list of the ciphers that OpenSSL supports to generate an RSA key. (openssl genrsa...)
| Cipher | Bits | Switch |
|---|---|---|
| DES | 56 bits | -des |
| DES3 | 168 bits | -des3 |
| SEED | 128 bits | -seed |
| AES-128 | 128 bits | -aes128 |
| AES-192 | 192 bits | -aes192 |
| AES-256 | 256 bits | -aes256 |
| Camellia-128 | 128 bits | -camellia128 |
| Camellia-192 | 192 bits | -camellia192 |
| Camellia-256 | 256 bits | -camellia256 |
Infomation
- DES is an old, very weak standard. It was one of the original Export Ciphers that could easily be broken by the US Government. It is not recommended to use DES unless you have a specific need to as all modern ciphers surpass the security of DES, with modest compatibility. In this day and age, DES is easily broken in a modest amount of time. Disabled in most modern browsers.
- DES3 is DES run 3 times with a key whitener. It is slightly more secure than DES, but is still considered susceptible to attack. Used in Payment Card EV terminals but it is being recommended to phase out this cipher.
- SEED is an older, more obscure cipher that originated in South Korea when export ciphers were considered too weak. There is little support for this outside South Korea and should only be used if you have a specific need.
- AES is currently the strongest security available, used by NSA for up to top secret information. Modern processors can accelerate encryption/decryption with hardware and program support (OpenSSL will use acceleration if the processor supports AES-NI extensions). 256-bit keys provide the best security.
- Camellia was a runner up behind AES. It is a strong cipher although a little more obscure than AES so expect less support. Although secure, it has recently been disabled in modern browsers.