gnutls-3.0.9, PSK and SECURE256
michael at weiser.dinsnail.net
Sun Dec 18 23:04:17 CET 2011
On Sun, Dec 18, 2011 at 07:25:08PM +0100, Nikos Mavrogiannopoulos wrote:
> > I don't want to debate the reason for removing AES128 from SECURE256.
> > Obviously the security level with SECURE128 is just as high (or low)
> > as before. Rather I wonder, why PSK isn't used in conjunction with
> > AES256?
> There is very little point to use SECURE256. This is really an insane
> security level that has to be supported by public keys of equivalent
> level (e.g. for DHE in your case) that are of a size that probably
> would make the handshake extremely slow.
> However, for the situation you describe the issue isn't AES-256 but the
> fact that the PSK ciphersuites (in rfc4279) are defined using SHA-1, which
> isn't available any more in the 256-bit security level.
Will this be the case for the foreseeable future or is something
better/more secure/fancier/faster already coming?
Should I contemplate moving away from PSK in favour of public key
authentication in order to get a stronger hashing algorithm?
BTW: My program currently ends up using ECDHE_PSK_AES_128_CBC_SHA256.
Isn't SHA256 actually SHA-2, not SHA-1?
More information about the Gnutls-help