max rsa key length, sym. cipher and digest recommendations ?

Phooraalai phooraalai at googlemail.com
Tue Jan 7 10:45:04 CET 2014


Hello,

I understand that I can use the openssl ciphers and digests available on
my systems, i.e. those in the list generated by "openssl
list-cipher-commands" and "openssl list-message-digest-algorithms".

I want to create an admin vpn network between my servers and my
workplace. Network throughput is not a big issue; I am using ssh and the
cli. However, I would also do incremental rsync backups over this vpn.

What are the recommendations for rsa key lengths, the cipher and the
digest algo?

Blowfish as the symmetric cipher seems ok to me. Would aes-256-cbc
benefit from the aes acceleration in modern cpus?

Would cipher=aes-256-cbc work in my host configuration files?

The documentation (man 5 tinc.conf) says that sha1 is the default
digest. What about using sha512? Any huge performance penalty that I
would have to know about?

Would digest=sha512 work in my host configuration files?

What is the max rsa key length supported by tinc when running tincd -n
NETNAME -KXXXX to generate the asym. rsa key? 4096, 8192, 16384?

Is there somewhere a write up of the steps to build my own .deb packages
for debian wheezy and ubuntu 12.04?

Thanks

