github.com/nodejs/node.git
author: Tobias Nießen <tniessen@tnie.de> 2022-04-03 23:56:00 +0300
committer: GitHub <noreply@github.com> 2022-04-03 23:56:00 +0300
commit: d83e7a0b77f8b4494ada010cc287d8ec6ec13828
tree: 1fe660920c1751165164cd7babaca2b59a481717 /doc
parent: ae1f6db0886a540dcf33f27bb4f13c37e0c8899e
doc: remove faulty justification for 128-bit AES

This sentence implies that AES-128 is preferred over AES-256 because of a related-key attack from 2009. However, that attack by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, while impressive, is only effective against variants of AES-256 with a reduced number of rounds and it requires related keys. This means that the attack is not effective against AES-256 as it is used within TLS. (AES-128 is still often preferred over AES-256 simply because it is believed to be sufficiently secure and because it is faster.)

PR-URL: https://github.com/nodejs/node/pull/42578
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

Diffstat (limited to 'doc')
-rw-r--r-- doc/api/tls.md 4
1 files changed, 0 insertions, 4 deletions
diff --git a/doc/api/tls.md b/doc/api/tls.md
index 7107fe83306..764491cf1d2 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -385,9 +385,6 @@ The default cipher suite prefers GCM ciphers for [Chrome's 'modern
cryptography' setting][] and also prefers ECDHE and DHE ciphers for perfect
forward secrecy, while offering _some_ backward compatibility.
-128 bit AES is preferred over 192 and 256 bit AES in light of [specific
-attacks affecting larger AES key sizes][].
-
Old clients that rely on insecure and deprecated RC4 or DES-based ciphers
(like Internet Explorer 6) cannot complete the handshaking process with
the default configuration. If these clients _must_ be supported, the
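Review bot: With the sentence about 128 bit AES deleted and nothing put in its place, this paragraph no longer says anything about how the default cipher suite ranks AES key sizes, so the reader loses the topic along with the faulty reason. If the default list still places AES-128 ahead of AES-256, consider replacing the sentence instead of only removing it, using the rationale the commit message already states (AES-128 is believed to be sufficiently secure and is faster). If the default list has no such preference, the plain deletion is the right change.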
@@ -2268,4 +2265,3 @@ added: v11.4.0
[cipher list format]: https://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-LIST-FORMAT
[forward secrecy]: https://en.wikipedia.org/wiki/Perfect_forward_secrecy
[perfect forward secrecy]: #perfect-forward-secrecy
-[specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
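Review bot: Confirm that no other use of `[specific attacks affecting larger AES key sizes][]` remains in doc/api/tls.md before dropping this reference definition at the end of the file. The first hunk removes the one use visible in this diff, but any remaining use elsewhere in the file would be left as a dangling reference-style link that renders as literal bracket text.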