Thus spake "Josť Luis Navarro Adam"
> As I know, AES was the encryptation algorithm selected by AES due to
> best performance with dedicated hardware...

You mean Rijndael was the algorithm selected by NIST to be AES due to the
best overall performance across a variety of implementations, including but
not limited to dedicated hardware.

> Actually, openssl recommends Blowfish (other AES finalist) because
> its performance by software encryptation (as Linux is) is much better...

To my knowledge, the OpenSSL Project doesn't recommend any particular

Blowfish was not an AES candidate because it did not meet several of the
requirements. Twofish was an adaptation that was considered, but its
performance was worse and was very difficult to understand (and therefore to
cryptoanalyze). While Bruce Schneier was unhappy his Twofish algorithm
wasn't selected, he has publicly stated that Rijndael is a good choice.

> Anyway, I have read taht it will do soon with AES.

AES code has been in OpenSSL snapshots for quite a while.

> Please, have a look at
> This article from charlie Hosner of SANS Institute talks about this...

That article is about OpenVPN, not OpenSSL, which is only mentioned twice in
passing. And, for that matter, one of those mentions does show that OpenSSL
has AES implemented already.


Stephen Sprunk "Stupid people surround themselves with smart
CCIE #3723 people. Smart people surround themselves with
K5SSS smart people who disagree with them." --Aaron Sorkin

__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager