On 07/11/2021 13:29, Arne Schwabe wrote:
The patch removes checking for weak keys and making DES just like any
other CBC cipher and not doing extra checks for this. It basically
removes the special treatment of DES.
After this, do we have any DES functionality left in OpenVPN? If so, we
should remove it.
After this patch, no special handling for DES anymore. You can still use
DES but it is handled like any other cipher, e.g. BF-CBC, AES-CBC.
Arne
I think the point is that if we stop checking weak keys, we should rip
out DES support completely. (I'd be in favor, but I'm not deep enough
into it to know what the fallout would be.)
My view is, if someone's doing DES, they're not caring about security,
so the small risk of weak keys is acceptable. Basically, "all DES keys
are weak keys."
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel