max rsa key length, sym. cipher and digest recommendations ?
phooraalai at googlemail.com
Tue Jan 7 10:45:04 CET 2014
I understand that I can use the openssl ciphers and digests available on
my systems, i.e. those in the list generated by "openssl
list-cipher-commands" and "openssl list-message-digest-algorithms".
I want to create a admin vpn network between my servers and my
workplace. Network throughput is not a big issue, I am using ssh and the
cli, however I would also do incremental rsync backups over this vpn.
What are the recommendations for rsa key lengths, the cipher and the
digest algo ?
Blowfish as the symmetric cipher seems ok to me. Would aes-256-cbc
benefit from the aes acceleration in modern cpus ?
Would cipher=aes-256-cbc work in my host configuration files ?
The documentation ( man 5 tinc.conf ) says that sha1 is the default
digest. What about using sha512? Any huge performance penalty that I
would have to know about ?
Would digest=sha512 work in my host configuration files ?
What is the max rsa key length supported by tinc when running tincd -n
NETNAME -KXXXX to generate the asym. rsa key? 4096, 8192, 16384 ?
Is there somewhere a write up of the steps to build my own .deb packages
for debian wheezy and ubuntu 12.04 ?
More information about the tinc