Choosing cipher for data transfer

hrumag · 2017-05-19 06:54:30 UTC

Hi all,

yesterday I came across Syncthing and started reading the documentation on the site, in particular this text:

Data that is sent over the network is (optionally) compressed and encrypted using AES-128. When receiving data, it must be decrypted.

I’d like to ask: is it possible to force the encryption to be AES-256? I did not see any configuration parameter about this.

As far as I understood, some posts in 2014 say that the used cipher is the strongest Go could implement at the time, and it was AES-128. But in Syncthing documentation i see the list of strong ciphers among which

0xC028 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH RSA AES(256) SHA384

is listed.

I’m a little bit confused. Can you help me?

Consider that the added workload to compute AES-256 encryption/decryption as well as the decrease of the data transfer rate are not an issue in the context I’ll be using Syncthing.

Thanks in advance.

AudriusButkevicius · 2017-05-19 07:07:23 UTC

So I think that comment is no longer relevant as the encryption in theory might vary based on the suite selected. In practice I think it’s the same strongest suite all the time as syncthing mostly talks to other syncthing clients which have the same suite order defined.

calmh · 2017-05-19 07:28:22 UTC

Yes, that doc is outdated. See the actual Syncthing log for what is used. It depends a little bit on what the actual hardware is (the TLS library has preference for things that are hardware accelerated):

[SYNO4] 07:24:36 INFO: Established secure connection to ... at ... (tcp-client)
 (TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305)

The actual set of allowed cipher suites is here:

github.com

syncthing/syncthing/blob/master/cmd/syncthing/main.go#L710


	if opts := cfg.Options(); opts.WeakHashSelectionMethod == config.WeakHashAuto {
		perfWithWeakHash := cpuBench(3, 150*time.Millisecond, true)
		l.Infof("Hashing performance with weak hash is %.02f MB/s", perfWithWeakHash)
		perfWithoutWeakHash := cpuBench(3, 150*time.Millisecond, false)
		l.Infof("Hashing performance without weak hash is %.02f MB/s", perfWithoutWeakHash)


		if perfWithoutWeakHash*0.8 > perfWithWeakHash {
			l.Infof("Weak hash disabled, as it has an unacceptable performance impact.")
			weakhash.Enabled = false
		} else {
			l.Infof("Weak hash enabled, as it has an acceptable performance impact.")
			weakhash.Enabled = true
		}
	} else if opts.WeakHashSelectionMethod == config.WeakHashNever {
		l.Infof("Disabling weak hash")
		weakhash.Enabled = false
	} else if opts.WeakHashSelectionMethod == config.WeakHashAlways {
		l.Infof("Enabling weak hash")
		weakhash.Enabled = true
	}

hrumag · 2017-05-19 07:42:25 UTC

Thanks for the details. Just let me check if I understood well:

AES-256 is supported
The “best” CipherSuite is automatically chosen by the TLS library depending on the hardware and on the list order

So, if I had the requirement to use AES-256, how could I reach the goal, that is, forcing Syncthing to use AES-256? Do I have to reorder the list and/or comment the CipherSuites I’m not interested in?

Thanks in advance.

calmh · 2017-05-19 08:13:02 UTC

Yes, remove the entries you don’t want, order with preference at the top, recompile.

Note though that AES256 is not necessarily more secure than AES128 or ChaCha20. It’s a fair bit slower though.

system · 2017-06-18 08:15:10 UTC

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.