[Authentication] Clarification of algorithm: dh-ietf1024-aes128-cbc-pkcs7
stefw at gnome.org
Fri Nov 26 14:18:36 PST 2010
As implemented (in gnome-keyring at least) the Secret Service algorithm
set dh-ietf1024-aes128-cbc-pkcs7 isn't as strong as it should be.
After DH key exchange, the resulting 1024 bit key is truncated into a
short key used for AES. This is not optimal, and was brought up on the
Here are some ways we can fix it. In either case, for compatibility, we
would add a new algorithm set identifier and deprecate the old one.
* Use MD5 to derive the key and use AES128 for encryption. However,
MD5 is not recommended for use in crypto protocols.
* Use SHA256 to derive the key and use AES256 for encryption.
* Use HKDF to derive the key. Perhaps more complex than we need?
Any other thoughts?
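The three derivations being compared, as an added example that is not part of the post and not gnome-keyring's code: a DH exchange over the 1024-bit MODP group (the RFC 2409 "Second Oakley Group" prime is transcribed here and should be checked against the RFC before reuse), followed by the truncation the post criticises, a plain SHA-256 derivation, and an HKDF-SHA256 derivation implemented directly from RFC 5869 with hmac/hashlib. The `label` context string is a hypothetical placeholder; the post proposes a new algorithm identifier, which would be the natural value to bind into the KDF.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of the "Second Oakley Group" (RFC 2409, section 6.2), the
# group the "dh-ietf1024" part of the identifier refers to. Transcribed here for
# the example; verify against the RFC before reusing it.
P_1024 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
SECRET_LEN = (P_1024.bit_length() + 7) // 8  # 128 bytes for a 1024-bit prime


def dh_keypair(p=P_1024, g=G):
    """Generate a private exponent and the public value g^x mod p."""
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)


def dh_shared_secret(priv, peer_pub, p=P_1024):
    """Raw DH output as a fixed-width big-endian byte string."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, p).to_bytes(SECRET_LEN, "big")


def truncated_key(shared, key_len=16):
    """The construction the post criticises: the leading bytes of the raw DH
    output are used directly as the AES key. The raw output is a group element,
    not a uniformly random string, so this is not a proper key derivation."""
    return shared[:key_len]


def sha256_key(shared):
    """Option 2 from the post: hash the whole secret, giving 32 bytes for AES-256."""
    return hashlib.sha256(shared).digest()


def hkdf(ikm, length, salt=b"", info=b"", hash_name="sha256"):
    """Option 3 from the post: HKDF (RFC 5869), extract-then-expand."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested length too large for HKDF")
    if not salt:
        salt = b"\x00" * hash_len  # RFC 5869: default salt is HashLen zero bytes
    prk = hmac.new(salt, ikm, hash_name).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_session_key(shared, key_len=16, label=b"example-secret-service-kdf"):
    """Derive an AES key of key_len bytes from the DH output with HKDF-SHA256.
    The label is a hypothetical context string (placeholder, not from the spec)."""
    return hkdf(shared, key_len, salt=b"", info=label)


def run_exchange():
    """Both sides of the exchange, returning the keys each derivation yields."""
    client_priv, client_pub = dh_keypair()
    service_priv, service_pub = dh_keypair()
    client_secret = dh_shared_secret(client_priv, service_pub)
    service_secret = dh_shared_secret(service_priv, client_pub)
    assert client_secret == service_secret  # both sides agree on g^(xy) mod p
    return {
        "shared": client_secret,
        "truncated_aes128": truncated_key(client_secret),
        "sha256_aes256": sha256_key(client_secret),
        "hkdf_aes128": hkdf_session_key(client_secret, 16),
        "hkdf_aes256": hkdf_session_key(client_secret, 32),
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name:18s} {len(value):3d} bytes  {value[:8].hex()}...")
```

Running the script prints the length and first bytes of each derived key; the point of the comparison is that the truncated key is literally a prefix of the raw group element, while the SHA-256 and HKDF variants pass the whole 128-byte secret through a hash-based extractor and let a context label be bound into the result.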