On Tue, 2021-02-02 at 19:08 -0500, Sam Hartman wrote: > > > > > > I don't have any objection to moving to Argon2 once it's available
Would sound like a good plan. In that case it might not even be necessary to mention an intermediate switch to yescrypt in the release notes, if that was superseded anyway sooner or later. > Amusingly enough, Debian openssh does not actually use AES for > encryption these days. Well but the same argument (as favouring Argon2) counts there, too. "Popular" algos like ChaCha, Poly1305 and Curve25519 stuff also receive(d) considerable analysis. > non-NIST-based probably still as > fallout > from DRB plus a desire to have a wider crypto ecosystem. Well AES isn't DRB... ;-) ... it's still Rijndael, so wouldn't worry too much here. Cheers :-)
