EasyRSA key encryption
Posted: Mon Sep 08, 2014 7:43 pm
[I'm not entirely sure where to post this - but since it's part of beta code, and this forum seems less stale than others - and I can't find anywhere else that seems more appropriate - here it goes. I'm glad to be pointed elsewhere...]
A review of the EasyRSA scripts appears to show they encrypt private keys with 3DES [triple-DES].
Is there some good reason not to use aes-256 as a default? While arguing about the "better" cypher is probably a pointless thing to start - it does seem to me that AES-256 [or even Camellia-256] would be better choices than 3DES because the key is 256 bits instead of 112 [or perhaps 168].
I really seems like any easy change and I can't personally think of a reason it isn't a good idea.
[And Yes, I understand that the entropy of the pass-phrase could *very* easily be less than even 100 bits - which means the AES-256 key of 256 bits is essentially lost because of a low entropy password. But why should the script throw away higher entropy passwords if they're available!]
Can someone please comment? And I'd be glad to submit a patch, provided someone can tell me how to do this - but seriously, the change would as simple as the following:
Line 861 in the EasyRSA script:
- local crypto="-des3"
+ local crypto="-aes256"
[or if you want to use Camellia]
+ local crypto="-camellia256"
TIA
-Greg
A review of the EasyRSA scripts appears to show they encrypt private keys with 3DES [triple-DES].
Is there some good reason not to use aes-256 as a default? While arguing about the "better" cypher is probably a pointless thing to start - it does seem to me that AES-256 [or even Camellia-256] would be better choices than 3DES because the key is 256 bits instead of 112 [or perhaps 168].
I really seems like any easy change and I can't personally think of a reason it isn't a good idea.
[And Yes, I understand that the entropy of the pass-phrase could *very* easily be less than even 100 bits - which means the AES-256 key of 256 bits is essentially lost because of a low entropy password. But why should the script throw away higher entropy passwords if they're available!]
Can someone please comment? And I'd be glad to submit a patch, provided someone can tell me how to do this - but seriously, the change would as simple as the following:
Line 861 in the EasyRSA script:
- local crypto="-des3"
+ local crypto="-aes256"
[or if you want to use Camellia]
+ local crypto="-camellia256"
TIA
-Greg