[Authentication] Clarification of algorithm: dh-ietf1024-aes128-cbc-pkcs7

Stef Walter stefw at gnome.org
Fri Nov 26 14:18:36 PST 2010


As implemented (in gnome-keyring at least) the Secret Service algorithm
set dh-ietf1024-aes128-cbc-pkcs7 isn't as strong as it should be.

After DH key exchange, the resulting 1024 bit key is truncated into a
short key used for AES. This is not optimal, and was brought up on the
gnome-keyring-list.

Here are some ways we can fix it. In either case, for compatibility, we
would add a new algorithm set identifier and deprecate the old one.

 * Use MD5 to derive the key and use AES128 for encryption. However,
   MD5 is not recommended for use in crypto protocols.

 * Use SHA256 to derive the key and use AES256 for encryption.

 * Use HKDF [1] to derive the key. Perhaps more complex than we need?

Any other thoughts?

Cheers,

Stef

[1] http://tools.ietf.org/html/rfc5869
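The three derivation options from the message, side by side, as an added Python example (this is not gnome-keyring code and not part of the original post). It runs a 1024-bit DH exchange in the RFC 2409 second Oakley group, which the dh-ietf1024 identifier refers to, and then derives an AES key from the shared secret three ways: the truncation the post objects to, a plain SHA-256 hash, and HKDF-SHA256 from RFC 5869 implemented on top of the standard library. Exactly which bytes gnome-keyring keeps when truncating, and the info/salt values, are assumptions made for illustration; the HKDF functions are checked against RFC 5869 test case 1.

```python
import hashlib
import hmac

# 1024-bit MODP prime and generator from RFC 2409 ("Second Oakley Group"),
# the group behind the dh-ietf1024 identifier.
DH_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
DH_G = 2
DH_BYTES = 128  # 1024 bits of shared secret


def dh_public(priv: int) -> int:
    """Public value g^priv mod p."""
    return pow(DH_G, priv, DH_P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    """Shared secret peer_pub^priv mod p, as 128 big-endian bytes."""
    return pow(peer_pub, priv, DH_P).to_bytes(DH_BYTES, "big")


# --- Option 0: what the post describes as the current (weak) scheme -------

def truncated_key(shared: bytes, key_len: int = 16) -> bytes:
    # Assumption: the raw DH output is simply cut to AES key size. Only
    # key_len bytes of a 128-byte secret feed the cipher; the remaining
    # bytes, and the uneven distribution of a raw DH value, are ignored.
    return shared[:key_len]


# --- Option 1/2: hash the whole secret (post suggests MD5 or SHA256) ------

def hashed_key(shared: bytes, hash_name: str = "sha256") -> bytes:
    # Every bit of the shared secret influences every bit of the key.
    # SHA-256 gives 32 bytes, i.e. an AES-256 key, as in option 2.
    return hashlib.new(hash_name, shared).digest()


# --- Option 3: HKDF (RFC 5869) built on HMAC ------------------------------

def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """OKM = T(1) || T(2) || ... with T(i) = HMAC(PRK, T(i-1) || info || i)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested key too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_key(shared: bytes, key_len: int = 16, salt: bytes = b"",
             info: bytes = b"secret-service aes key") -> bytes:
    # info is an assumed context label; it binds the derived key to its use.
    return hkdf_expand(hkdf_extract(salt, shared), info, key_len)


def demo() -> dict:
    """Run an exchange between two parties and derive keys each way."""
    # Constructed private exponents; a real implementation draws random ones.
    a_priv = 0x1F2E3D4C5B6A79880F1E2D3C4B5A69788796A5B4C3D2E1F0
    b_priv = 0x0A1B2C3D4E5F60718293A4B5C6D7E8F9FAEBDCCDBEAF9081
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    shared_a = dh_shared(a_priv, b_pub)
    shared_b = dh_shared(b_priv, a_pub)
    return {
        "agree": shared_a == shared_b,
        "truncated": truncated_key(shared_a),
        "sha256": hashed_key(shared_a),
        "hkdf_aes128": hkdf_key(shared_a, 16),
        "hkdf_aes256": hkdf_key(shared_a, 32),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The HKDF functions take any hash name `hashlib` knows, so the SHA-256 variant here and a SHA-512 one differ only in the `hash_name` argument; the same `hkdf_key` call can produce a 16-byte key for AES-128 or a 32-byte key for AES-256.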
