Recommend to use aes-128-cfb.

dearplain · Apr 5, 2014 · 211bdfc · 211bdfc
1 parent 81669bf
commit 211bdfc
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -51,9 +51,9 @@ SOCKS5 127.0.0.1:local_port
 
 ## About encryption methods
 
-AES is recommended for shadowsocks-go. ([Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption fast.)
+AES is recommended for shadowsocks-go. [Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption very fast. To be more specific, **`aes-128-cfb` is recommended as it is faster and [secure enough](https://www.schneier.com/blog/archives/2009/07/another_new_aes.html)**.
 
-**rc4 and table encryption methods are deprecated because they are not secure**.
+**rc4 and table encryption methods are deprecated because they are not secure.**
 
 ## Command line options
 

diff --git a/config.json b/config.json
@@ -3,6 +3,6 @@
     "server_port":8388,
     "local_port":1080,
     "password":"barfoo!",
-    "method": "aes-256-cfb",
+    "method": "aes-128-cfb",
     "timeout":600
 }
diff --git a/sample-config/client-multi-server.json b/sample-config/client-multi-server.json
@@ -1,7 +1,7 @@
 {
-	"local_port":1081,
+	"local_port": 1081,
 	"server_password": [
 		["127.0.0.1:8387", "foobar"],
-		["127.0.0.1:8388", "barfoo", "aes-256-cfb"]
+		["127.0.0.1:8388", "barfoo", "aes-128-cfb"]
 	]
 }
diff --git a/sample-config/server-multi-port.json b/sample-config/server-multi-port.json
@@ -3,6 +3,6 @@
 		"8387": "foobar",
 		"8388": "barfoo"
 	},
-	"method": "aes-256-cfb",
+	"method": "aes-128-cfb",
 	"timeout": 600
 }
diff --git a/shadowsocks/config_test.go b/shadowsocks/config_test.go
@@ -16,8 +16,8 @@ func TestConfigJson(t *testing.T) {
 	if config.Timeout != 600 {
 		t.Error("timeout should be 600")
 	}
-	if config.Method != "aes-256-cfb" {
-		t.Error("method should be aes-256-cfb")
+	if config.Method != "aes-128-cfb" {
+		t.Error("method should be aes-128-cfb")
 	}
 	srvArr := config.GetServerArray()
 	if len(srvArr) != 1 || srvArr[0] != "127.0.0.1" {
@@ -88,7 +88,7 @@ func TestClientMultiServerArray(t *testing.T) {
 	if sv[1] != "barfoo" {
 		t.Error("server_password 2nd server passwd wrong")
 	}
-	if sv[2] != "aes-256-cfb" {
+	if sv[2] != "aes-128-cfb" {
 		t.Error("server_password 2nd server enc method wrong")
 	}
 }