Remove DES #9164
Comments
gilles-peskine-arm
added
needs-design-approval
component-crypto
|
Let's rename this to just "Remove DES from Mbed TLS", make it a MUST for 4.0, and close #4396 as superseded by this one. Having DES completely gone is easier for consumers of the library - anyone who requires any size of DES can just use the LTS. |
gilles-peskine-arm
moved this from Requirements needed
to Decision needed
in Mbed TLS 4.0 planning
|
Architectural decision: we are going to remove DES in TF-PSA-Crypto 1.0. |
It does not alter this decision since this is not our focus, but noting for interest: we have received a contribution for z/OS, commonly used on banking mainframes, as I understand. |
|
Different banking, AFAIK. z/OS is a mainframe platform that decides how much money you have on your account. DES is used in banking cards and devices that communicate with banking cards (there's an ongoing transition to AES, but it's not quite finished yet). |
Remove DES from the next major version of Mbed TLS.
Rationale: DES, even 3DES, is no longer in common use. NIST no longer allows it except to process legacy data since the withdrawal of SP 800-67r2 in January 2024. DES remains in use mainly in some banking applications, where Mbed TLS is not commonly used.
This is broader than #4396 and easier to do.
Mailing list thread: https://lists.trustedfirmware.org/archives/list/[email protected]/thread/26ZWV67A4ECK2D5LSPJEDTT22MLOJOMQ/
The text was updated successfully, but these errors were encountered: