[Authentication] Clarification of algorithm: dh-ietf1024-aes128-cbc-pkcs7
Stef Walter
stefw at gnome.org
Fri Nov 26 14:18:36 PST 2010
As implemented (in gnome-keyring at least) the Secret Service algorithm
set dh-ietf1024-aes128-cbc-pkcs7 isn't as strong as it should be.
After DH key exchange, the resulting 1024 bit key is truncated into a
short key used for AES. This is not optimal, and was brought up on the
gnome-keyring-list.
Here are some ways we can fix it. In either case, for compatibility, we
would add a new algorithm set identifier and deprecate the old one.
* Use MD5 to derive the key and use AES128 for encryption. However,
MD5 is not recommended for use in crypto protocols.
* Use SHA256 to derive the key and use AES256 for encryption.
* Use HKDF [1] to derive the key. Perhaps more complex than we need?
Any other thoughts?
Cheers,
Stef
[1] http://tools.ietf.org/html/rfc5869
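The derivation step the post is about, worked through as an added example (this is not gnome-keyring's code and not text from the Secret Service spec). It assumes the "dh-ietf1024" group is the RFC 2409 1024-bit MODP group (generator 2), that "truncated" means taking the leading 16 bytes of the big-endian shared secret, and that the HKDF variant uses SHA-256, no salt, empty info and a 16-byte output for AES-128; the function names (dh_keypair, key_by_truncation, key_by_hkdf, run_exchange) are mine. HKDF is implemented from RFC 5869 with the standard library so the block runs offline; both derivations are shown side by side for the same shared secret.

```python
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit MODP prime, generator 2.
# Assumed here to be the group behind "dh-ietf1024".
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8  # 128 bytes = 1024 bits


def dh_keypair(priv=None):
    """Return (private exponent, public value); priv is random unless given."""
    if priv is None:
        priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_secret(priv, peer_pub):
    """Shared secret g^(ab) mod p as a fixed-width big-endian byte string."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, P).to_bytes(P_BYTES, "big")


def key_by_truncation(shared):
    """The weak derivation the post describes: keep the first 16 bytes.
    The shared secret is a group element, not a uniformly random bit
    string, so its leading bytes are not a full-strength 128-bit key."""
    return shared[:16]


# --- HKDF per RFC 5869, built from HMAC only ---------------------------

def hkdf_extract(salt, ikm, hash_name="sha256"):
    """PRK = HMAC-Hash(salt, IKM); a missing salt is HashLen zero bytes."""
    if salt is None:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk, info, length, hash_name="sha256"):
    """OKM = first `length` bytes of T(1) | T(2) | ... with
    T(i) = HMAC-Hash(PRK, T(i-1) | info | i), T(0) = empty."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested output too long for HKDF")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(ikm, length, salt=None, info=b"", hash_name="sha256"):
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


def key_by_hkdf(shared, length=16):
    """The proposed derivation: HKDF-SHA256 over the whole shared secret.
    Salt and info are left empty here (an assumption, not the spec)."""
    return hkdf(shared, length)


def run_exchange(priv_client=None, priv_service=None):
    """Both sides of the exchange; returns the two keys each side derives."""
    a, pub_a = dh_keypair(priv_client)
    b, pub_b = dh_keypair(priv_service)
    shared_a = dh_shared_secret(a, pub_b)
    shared_b = dh_shared_secret(b, pub_a)
    assert shared_a == shared_b
    return {
        "shared": shared_a,
        "truncated": key_by_truncation(shared_a),
        "hkdf": key_by_hkdf(shared_b),
    }


if __name__ == "__main__":
    keys = run_exchange()
    print("shared secret:", keys["shared"].hex()[:32], "...")
    print("truncated key:", keys["truncated"].hex())
    print("hkdf key:     ", keys["hkdf"].hex())
```

Swapping SHA-256 for MD5 in the hkdf call shows how little code the first option in the list would save over the third, which is the point worth weighing when deciding whether HKDF is "more complex than we need".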