Which algorithm is stronger for TLS: AES-256 or Camellia-256?

Introduction: For my personal web server, I have Apache configured with a self-signed certificate to enable TLS for training and testing. I have these lines in the virtual host:

SSLProtocol -all -SSLv3 +TLSv1
SSLCipherSuite TLSv1:+HIGH:!MEDIUM

With Firefox, I get an encrypted Camellia-256 connection, and with Opera I get "TLS v1.0 256 bit AES (1024 bit DHE_RSA / SHA)", with the same configuration on the same server.

This leads me to the question: which is stronger, AES or Camellia?

I noticed that if I turn off Camellia with SSLCipherSuite TLSv1:+HIGH:!MEDIUM:!CAMELLIA, then Firefox uses the same suite as Opera.

In my configuration I also try to disable all versions of SSL and enable only TLS (let me know if I didn't do it right), but the original question still stands: which one should be stronger?

+8
Tags: ssl, encryption
3 answers

What worries me more is that your SSL setup is not secure, because you use only 1024-bit asymmetric encryption to protect your keys.

Adi Shamir (the "S" in RSA) recommended switching to 2048-bit keys back in 2006, and even the US standards institute (NIST) has required a minimum strength of 2048 bits since January 2011 (see NIST SP800-57: the minimum key size is 2048 bits for RSA and DH / ElGamal).

In short, first make sure the RSA encryption is strong enough, as it is used to protect the symmetric keys (AES / Camellia). Never rely on a key that is protected by a weaker key (this is like using a secure random 256-bit WPA2 key on a wireless access point and then trusting WPS, which will be opened in a few hours!)

Even if it's a test system, learn to use cryptography the way you intend to going forward; don't compromise the strength of the certificate key (all CAs today must reject 1024-bit CSRs or CSRs using MD5; even if you aren't using a CA, create your own test certificates as if you were submitting a real request, and don't use the default key sizes).

It is difficult to compare their strengths; both have received cryptanalysis (AES more publicly), and both are sufficient to keep data secure.

At the risk of repeating myself, I'd be more worried about the 1024 bits used for key agreement.

+15
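To make the "weakest link" point of the answer above concrete, here is an added Python example (not part of the original answer) that parses the kind of cipher description the question quotes from Opera and rates the connection by its weakest component, using the key-size-to-security-strength rows from NIST SP 800-57 Part 1. The parsing pattern, the function names, the EC handling and the choice to take the symmetric key length at face value are assumptions of this example, not anything the answer states.

```python
import re

# NIST SP 800-57 Part 1 (Table 2): security strength in bits delivered by an
# RSA / finite-field DH modulus of the given size (FF) and by an elliptic-curve
# group of the given order size (EC).
FF_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
EC_STRENGTH = [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)]


def strength_of(bits, table):
    """Strength of the largest table row the key size reaches; 0 if below the smallest row."""
    result = 0
    for size, strength in table:
        if bits >= size:
            result = strength
    return result


# Pattern for the dialog string quoted in the question:
#   "TLS v1.0 256 bit AES (1024 bit DHE_RSA / SHA)"
# Groups: 1 symmetric key bits, 2 cipher name, 3 key-exchange bits, 4 key-exchange name.
DIALOG = re.compile(r"(\d+)\s*bit\s+(\w+)\s*\(\s*(\d+)\s*bit\s+([A-Za-z_]+)")


def weakest_link(description):
    """Return (effective strength in bits, limiting component) for a browser-style
    cipher description. The symmetric cipher is credited with its full key length
    (assumption); the key exchange is rated from SP 800-57, using the EC table when
    the exchange name starts with ECDH and the finite-field table otherwise."""
    m = DIALOG.search(description)
    if m is None:
        raise ValueError("unrecognised cipher description: %r" % description)
    sym_bits, cipher = int(m.group(1)), m.group(2)
    kx_bits, kx = int(m.group(3)), m.group(4)
    table = EC_STRENGTH if kx.upper().startswith("ECDH") else FF_STRENGTH
    kx_strength = strength_of(kx_bits, table)
    if kx_strength < sym_bits:
        # The asymmetric key that protects the session key is the weaker part.
        return kx_strength, "%d-bit %s key exchange" % (kx_bits, kx)
    return sym_bits, "%d-bit %s" % (sym_bits, cipher)


if __name__ == "__main__":
    # The string from the question, then the same suite with a 2048-bit DH group.
    for desc in ("TLS v1.0 256 bit AES (1024 bit DHE_RSA / SHA)",
                 "TLS v1.0 256 bit AES (2048 bit DHE_RSA / SHA)"):
        print(desc, "->", weakest_link(desc))
```

Run against the question's own string, the 256-bit AES (or Camellia) session key is rated at 80 bits, because that is all a 1024-bit DHE_RSA exchange provides; moving to a 2048-bit group raises the connection to 112 bits, still far short of 256.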

It is difficult to judge the strength of these algorithms. Camellia is considered approximately equivalent to AES in security (source). In any case, the difference probably doesn't matter. Either algorithm is secure enough that your data channel is not the weakest link in your system, so you do not need to worry about changing any configuration.

+9

The OpenSSL cipher string TLSv1:+HIGH is a really bad choice. The "+something" notation means moving all ciphers that match "something" to the end of the list. So you use HIGH only as a last resort, after everything that was not HIGH.

A much better choice is "DEFAULT:!MEDIUM:!LOW:!EXPORT:+3DES", which starts from reasonable defaults, removes MEDIUM, LOW and EXPORT, and uses 3DES last (which is probably already the case, but on some systems it ends up before AES128, because it can be counted as strong at 168 bits).

+1
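To show what the operators in an OpenSSL cipher string actually do to the list, here is an added Python model (example code, not OpenSSL's own implementation and not from the answer) of the ':'-separated cipher-list rules this answer relies on: a bare keyword appends matching suites, '-' drops them, '!' drops them permanently, '+' moves the ones already in the list to the end, and '@STRENGTH' sorts by key bits. It evaluates the question's TLSv1:+HIGH:!MEDIUM beside the string this answer recommends. The master table of suites is constructed for this example and far smaller than the real one; treating every suite as matching TLSv1 and DEFAULT as equal to ALL are modelling simplifications, and the client preference lists at the end are invented, not real browser orders.

```python
# Constructed master table for this example (not real `openssl ciphers` output):
# name, protocol keyword, strength keyword, key-exchange keyword, cipher keyword, key bits.
MASTER = [
    ("DHE-RSA-AES256-SHA",      "TLSv1", "HIGH",   "kEDH", "AES",      256),
    ("DHE-RSA-CAMELLIA256-SHA", "TLSv1", "HIGH",   "kEDH", "CAMELLIA", 256),
    ("AES256-SHA",              "TLSv1", "HIGH",   "kRSA", "AES",      256),
    ("CAMELLIA256-SHA",         "TLSv1", "HIGH",   "kRSA", "CAMELLIA", 256),
    ("DHE-RSA-AES128-SHA",      "TLSv1", "HIGH",   "kEDH", "AES",      128),
    ("AES128-SHA",              "TLSv1", "HIGH",   "kRSA", "AES",      128),
    ("DES-CBC3-SHA",            "TLSv1", "HIGH",   "kRSA", "3DES",     168),
    ("RC4-SHA",                 "TLSv1", "MEDIUM", "kRSA", "RC4",      128),
    ("RC4-MD5",                 "TLSv1", "MEDIUM", "kRSA", "RC4",      128),
    ("DES-CBC-SHA",             "TLSv1", "LOW",    "kRSA", "DES",       56),
    ("EXP-RC4-MD5",             "TLSv1", "EXPORT", "kRSA", "RC4",       40),
]
BITS = {row[0]: row[5] for row in MASTER}


def matches(row, keyword):
    """One suite against one keyword: ALL/DEFAULT, a suite name, or any keyword column."""
    if keyword in ("ALL", "DEFAULT"):
        # Real DEFAULT is ALL:!COMPLEMENTOFDEFAULT:!eNULL; this table holds no
        # NULL-cipher or anonymous suites, so the two coincide (modelling assumption).
        return True
    return keyword in row[:5]


def cipher_list(spec):
    """Evaluate an OpenSSL-style cipher string against MASTER; return the ordered names."""
    current = []      # the working list, in the order the server would prefer
    killed = set()    # suites removed with '!' can never be added back
    for item in spec.split(":"):
        if not item:
            continue
        if item == "@STRENGTH":
            current.sort(key=lambda name: -BITS[name])   # stable: ties keep their order
            continue
        op, keyword = (item[0], item[1:]) if item[0] in "+-!" else ("", item)
        terms = keyword.split("+")   # 'kRSA+HIGH' means every term must match
        hits = [row[0] for row in MASTER if all(matches(row, t) for t in terms)]
        if op == "":
            current += [n for n in hits if n not in current and n not in killed]
        elif op == "-":
            current = [n for n in current if n not in hits]
        elif op == "!":
            killed.update(hits)
            current = [n for n in current if n not in hits]
        else:  # '+': move matching suites already in the list to the end, order kept
            current = [n for n in current if n not in hits] + [n for n in current if n in hits]
    return current


def negotiate(server_list, client_offers, honor_server_order):
    """First suite in the preferred side's order that the other side also supports.
    Apache lets the client's order win unless SSLHonorCipherOrder is on."""
    first, second = (server_list, client_offers) if honor_server_order else (client_offers, server_list)
    return next((n for n in first if n in second), None)


if __name__ == "__main__":
    for spec in ("TLSv1:+HIGH:!MEDIUM", "TLSv1:+HIGH:!MEDIUM:!CAMELLIA",
                 "DEFAULT:!MEDIUM:!LOW:!EXPORT:+3DES", "ALL:@STRENGTH"):
        print(spec, "->", cipher_list(spec))
    # Invented client preference lists, only to show why two browsers can land on
    # different suites against the same server when the client order is honoured.
    client_a = ["DHE-RSA-CAMELLIA256-SHA", "DHE-RSA-AES256-SHA"]
    client_b = ["DHE-RSA-AES256-SHA", "DHE-RSA-CAMELLIA256-SHA"]
    server = cipher_list("TLSv1:+HIGH:!MEDIUM")
    print(negotiate(server, client_a, False), negotiate(server, client_b, False))
```

With the question's string, the model puts DES-CBC-SHA (LOW) and EXP-RC4-MD5 (EXPORT) ahead of every HIGH suite, exactly the effect this answer warns about; the recommended string leaves only the HIGH suites with 3DES last. "ALL:@STRENGTH" also reproduces the footnote: sorted purely by nominal bits, the 168-bit 3DES suite lands ahead of AES128.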
