
I'm trying to understand the possible settings for the cipher in OpenVPN and somehow rank them security-wise.

Right now I'm stuck at differentiating the modes of operation CFB, CFB1 and CFB8. How do they differ in terms of security?

What advantages/disadvantages does one have over the other?

For instance, if I have the following cipher suites to choose from:

```
AES-128-CBC  (128 bit key, 128 bit block)
AES-128-CFB  (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB1  (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB8  (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-GCM  (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-OFB  (128 bit key, 128 bit block, TLS client/server mode only)
```

I'd rank them, only considering their security and robustness:

1. AES-128-GCM
2. AES-128-CFB(1,8)
3. AES-128-OFB
4. AES-128-CBC

Am I right in doing so? Is it possible to define a difference between the three CFB modes in terms of security?

boolean.is.null
  • The CFB modes are different in terms of error recovery: see http://crypto.stackexchange.com/questions/2476/cipher-feedback-mode for details. – Matthew Feb 13 '17 at 16:55
  • Thank you, that clarified a lot. Is my general assumption with the `GCM > CFB > OFB > CBC` correct? – boolean.is.null Feb 13 '17 at 17:16
  • In general, perhaps. They vary in suitability for different purposes, and I'm not confident to state an order given a use case I'm not particularly familiar with. Someone with more knowledge of how OpenVPN works internally may be able to though. – Matthew Feb 13 '17 at 17:24
  • For some general remarks on the different modes, see https://security.stackexchange.com/a/27780/. – F30 Aug 18 '17 at 22:04
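
The error-recovery difference between CFB1, CFB8 and full-block CFB mentioned in the comments, as an added example that is not part of the original thread: it flips one ciphertext bit and drops one ciphertext byte, then reports how far the damage spreads for each segment size. The block function is a BLAKE2b stand-in, not AES (an assumption made to stay stdlib-only), and the key, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK_BITS = 128
MASK = (1 << BLOCK_BITS) - 1

def block_encrypt(key, block):
    # Stand-in 128-bit keyed function (BLAKE2b), NOT AES: CFB only ever uses the
    # cipher's forward direction, so error propagation behaves the same way.
    digest = hashlib.blake2b(block.to_bytes(16, "big"), key=key, digest_size=16).digest()
    return int.from_bytes(digest, "big")

def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def cfb(key, iv, data, s, decrypt=False):
    """CFB with s-bit segments (s=1 -> CFB1, s=8 -> CFB8, s=128 -> CFB)."""
    register, bits, out = int.from_bytes(iv, "big"), to_bits(data), []
    for i in range(0, len(bits), s):
        segment = bits[i:i + s]
        keystream = block_encrypt(key, register)
        ks_bits = [(keystream >> (BLOCK_BITS - 1 - j)) & 1 for j in range(len(segment))]
        result = [a ^ b for a, b in zip(segment, ks_bits)]
        out += result
        # The ciphertext segment is what gets shifted into the register.
        for bit in (segment if decrypt else result):
            register = ((register << 1) | bit) & MASK
    return from_bits(out)

KEY, IV = b"constructed-key!", bytes(16)  # constructed sample values
PLAINTEXT = bytes(range(96))

def bit_flip_damage(s, index=10):
    """Flip one ciphertext bit; return (first, last) damaged plaintext byte index."""
    ct = bytearray(cfb(KEY, IV, PLAINTEXT, s))
    ct[index] ^= 0x01
    got = cfb(KEY, IV, bytes(ct), s, decrypt=True)
    bad = [i for i, (a, b) in enumerate(zip(got, PLAINTEXT)) if a != b]
    return bad[0], bad[-1]

def resyncs_after_byte_loss(s, index=10):
    """Drop one ciphertext byte; True if the tail of the stream still decrypts."""
    ct = cfb(KEY, IV, PLAINTEXT, s)
    got = cfb(KEY, IV, ct[:index] + ct[index + 1:], s, decrypt=True)
    return got[-32:] == PLAINTEXT[-32:]

if __name__ == "__main__":
    for s in (1, 8, 128):
        print(s, bit_flip_damage(s), resyncs_after_byte_loss(s))
```

In every variant a flipped ciphertext bit flips the same plaintext bit and garbles the plaintext for as long as the damaged segment sits in the 128-bit shift register. Only CFB1 and CFB8 realign after a lost byte, because the loss is a whole number of their segments.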

0 Answers