From 211bdfc36a81ab80a19f54e8adb48777ec0fa325 Mon Sep 17 00:00:00 2001
From: Chen Yufei <cyfdecyf@gmail.com>
Date: Sat, 5 Apr 2014 23:21:53 +0800
Subject: [PATCH] Recommend to use aes-128-cfb.

---
 README.md                              | 4 ++--
 config.json                            | 2 +-
 sample-config/client-multi-server.json | 4 ++--
 sample-config/server-multi-port.json   | 2 +-
 shadowsocks/config_test.go             | 6 +++---
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 20a0f81..abcacf0 100644
--- a/README.md
+++ b/README.md
@@ -51,9 +51,9 @@ SOCKS5 127.0.0.1:local_port
 
 ## About encryption methods
 
-AES is recommended for shadowsocks-go. ([Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption fast.)
+AES is recommended for shadowsocks-go. [Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption very fast. To be more specific, **`aes-128-cfb` is recommended as it is faster and [secure enough](https://www.schneier.com/blog/archives/2009/07/another_new_aes.html)**.
 
-**rc4 and table encryption methods are deprecated because they are not secure**.
+**rc4 and table encryption methods are deprecated because they are not secure.**
 
 ## Command line options
 
diff --git a/config.json b/config.json
index 95e79bc..8475f08 100644
--- a/config.json
+++ b/config.json
@@ -3,6 +3,6 @@
     "server_port":8388,
     "local_port":1080,
     "password":"barfoo!",
-    "method": "aes-256-cfb",
+    "method": "aes-128-cfb",
     "timeout":600
 }
diff --git a/sample-config/client-multi-server.json b/sample-config/client-multi-server.json
index 3651fad..21e2058 100644
--- a/sample-config/client-multi-server.json
+++ b/sample-config/client-multi-server.json
@@ -1,7 +1,7 @@
 {
-	"local_port":1081,
+	"local_port": 1081,
 	"server_password": [
 		["127.0.0.1:8387", "foobar"],
-		["127.0.0.1:8388", "barfoo", "aes-256-cfb"]
+		["127.0.0.1:8388", "barfoo", "aes-128-cfb"]
 	]
 }
diff --git a/sample-config/server-multi-port.json b/sample-config/server-multi-port.json
index 9a68cc3..39ac351 100644
--- a/sample-config/server-multi-port.json
+++ b/sample-config/server-multi-port.json
@@ -3,6 +3,6 @@
 		"8387": "foobar",
 		"8388": "barfoo"
 	},
-	"method": "aes-256-cfb",
+	"method": "aes-128-cfb",
 	"timeout": 600
 }
diff --git a/shadowsocks/config_test.go b/shadowsocks/config_test.go
index 90aaf8f..1dcef0c 100644
--- a/shadowsocks/config_test.go
+++ b/shadowsocks/config_test.go
@@ -16,8 +16,8 @@ func TestConfigJson(t *testing.T) {
 	if config.Timeout != 600 {
 		t.Error("timeout should be 600")
 	}
-	if config.Method != "aes-256-cfb" {
-		t.Error("method should be aes-256-cfb")
+	if config.Method != "aes-128-cfb" {
+		t.Error("method should be aes-128-cfb")
 	}
 	srvArr := config.GetServerArray()
 	if len(srvArr) != 1 || srvArr[0] != "127.0.0.1" {
@@ -88,7 +88,7 @@ func TestClientMultiServerArray(t *testing.T) {
 	if sv[1] != "barfoo" {
 		t.Error("server_password 2nd server passwd wrong")
 	}
-	if sv[2] != "aes-256-cfb" {
+	if sv[2] != "aes-128-cfb" {
 		t.Error("server_password 2nd server enc method wrong")
 	}
 }