Comment by smalltorch
1 day ago
The library is openssl and that comes with all these ciphers available. No other reason than because we can!
I wish AES-GCM was available...but openssl can't do it on its own without further dependencies to parse the authentication correctly.
Really this whole layer is completely redundant actually. It's already E2EE without openssl via Tor. I like that it's encrypted before I hit the network pipe though.
>No other reason than because we can!
great attitude for approximately everything except, perhaps, cryptography.
especially since the initial encryption is mostly redundant, i would encourage that you, at some point, consider reducing the number of ciphers.
If a library doesn't do what you need, you need a different library, but this is impossible from a short bash script, so it's one of the tradeoffs of your design.
> No other reason than because we can!
Then maybe your scientists should spend some time to stop and consider whether they should ;)
But seriously, I'd just limit this to one option on the selection side, even if you continue supporting more than that at the protocol level for cryptographic agility.
I don't see the issue. "Anything that openssl actively supports" plus providing a default seems like an extremely reasonable stance to take.
>reasonable stance
Within the last 12 months, I had to write a script for a buddy at work that turned off availability of freaking 56 bit DES in OpenSSH, which was available because it was provided by openssl. I'm certain it was still there to provide compatibility for something(s) critical out there that depends on it, and while I can't imagine why anybody would choose to use it, it's there and it's awful.
“Supported by OpenSSL” is not a seal of quality in any sense.
It still supports a bunch of outdated crap including (on my system) RC4, RC2(!) and DES (yes, the 56 bit key one, not just 3DES).
I would rather avoid cipher fixation. Give me thousands of protocol / cipher / mac / mode combinations. Fixation only benefits nations wanting to crack something.
Agility benefits nations wanting to crack something, because they can force you to pick an insecure combination. This has happened in the real world several times before.
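The suggestion made in the thread, to offer one cipher on the selection side while accepting only a short explicit list when decrypting rather than everything OpenSSL offers, could look like this in a bash wrapper. This is an added example, not part of the thread or the project's code; the allowlist, the default cipher and the function names are assumptions, and the cipher listing is a constructed sample.

```shell
#!/usr/bin/env bash
# Added example: allowlist-based cipher handling for a shell wrapper around openssl.
# DEFAULT_CIPHER and ALLOWED_CIPHERS are assumptions chosen for illustration.
DEFAULT_CIPHER="aes-256-ctr"
ALLOWED_CIPHERS="aes-256-ctr chacha20"

# Succeeds only if $1 is on the allowlist (exact, case-sensitive match).
is_allowed() {
  local want="$1" c
  for c in $ALLOWED_CIPHERS; do
    [ "$c" = "$want" ] && return 0
  done
  return 1
}

# Sending side always uses DEFAULT_CIPHER. Receiving side: accept the cipher
# named by the peer only if it is allowlisted; an empty name means the default.
cipher_for_decrypt() {
  local requested="${1:-$DEFAULT_CIPHER}"
  if is_allowed "$requested"; then
    printf '%s\n' "$requested"
  else
    printf 'refusing cipher: %s\n' "$requested" >&2
    return 1
  fi
}

# Reads `openssl enc -list` style output on stdin and prints every offered
# cipher that the allowlist rejects, one per line.
rejected_offers() {
  local name
  tr -s ' \t' '\n' | sed -n 's/^-//p' | while read -r name; do
    is_allowed "$name" || printf '%s\n' "$name"
  done
}

# Constructed sample in the shape of `openssl enc -list` output.
SAMPLE_LIST='Supported ciphers:
-aes-256-cbc               -aes-256-ctr               -chacha20
-des-cbc                   -des-ede3-cbc              -rc2-cbc
-rc4                       -rc4-40'

# Show what the library offers that this wrapper would refuse.
# Against a real install: openssl enc -list | rejected_offers
printf '%s\n' "$SAMPLE_LIST" | rejected_offers
```
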