Some concerns voiced in discussion on HN

[e12e]

Hi,

I just went over some old links, and saw that there were some concerns voiced in a discussion on hn:

https://news.ycombinator.com/item?id=10150807

Notable things are:

• Use of RC4 in any new software (don't)
• No mention of block modes and how they impact security
• No mention of authenticated cipher modes (and why one should never[1] use anything else)
• Use of sha1 in new code (use sha2/3)
• short RSA keys (I think that's fixed in #10)

I'm a little dissappointed that no-one of the people that contributed to the discussion on hn took the time to create issues here - and it's a little late to interact on hn now (although I'm sure a few have emails listed in their profiles).

I thought some of the issues might be of interest - for a follow up I suggest either creating new issues based on some of the points raised, or closing this as #wontfix.

Apologies for the noise - but I'm hoping too much feedback is better than none.

[1] Well, pretty much, anyway