[Authentication] Clarification of algorithm: dh-ietf1024-aes128-cbc-pkcs7

Brad Hards bradh at frogmouth.net
Fri Nov 26 14:43:48 PST 2010


On Saturday, November 27, 2010 09:18:36 am Stef Walter wrote:
> As implemented (in gnome-keyring at least) the Secret Service algorithm
> set dh-ietf1024-aes128-cbc-pkcs7 isn't as strong as it should be.
What is dh-ietf1024 in this algorithm? Asymmetric key strength isn't equal to 
symmetric key strength. A 1024-bit Diffie Hellman key is not as strong as a 128 
bit AES key.

>  * Use SHA256 to derive the key and use AES256 for encryption.
SHA256 is 128 bits of "effective" security. Use SHA256 with AES128, and SHA512 
with AES256.

>  * Use HKDF [1] to derive the key. Perhaps more complex than we need?
Security probably depends on which of the options (especially which hash) you 
choose.

Brad


More information about the Authentication mailing list