3des cipher and DH group size

Petr Lautrbach plautrba at redhat.com
Wed Jan 22 03:14:03 EST 2014


Hello everybody,

An issue was reported in RH bugzilla [1] about the size of the used DH
group when combined with the 3des-cbc cipher. OpenSSH uses the
actual key length for the size estimation. This is probably fine as far
as the cipher has the same number of bits of security as the key
length. But this is not true for 3TDEA, where the key size is 168 (resp.
192) but its security is only 112.

Given that the key size in openssh is set to 192, the DH group size is
estimated to be 7680. But according to NIST SP 800-57, the size of the DH key
should be 2048, so openssh doesn't follow that and it might cause
problems with key exchanges with some servers.

Would it make sense to extend the Cipher struct with the bits for
security and estimate the DH size from this value? Or do
special handling just of 3des?

What do you think?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1053107

Thanks,

Petr
-- 
Petr Lautrbach
Security Technologies
Red Hat

Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com.
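To make the two sizing rules concrete, here is an added illustration (not code from OpenSSH or from the poster) that maps a security strength to an FFC modulus size with the SP 800-57 table and applies it once to the cipher's key length and once to its credited strength; the cipher table and the names `dh_size_for_strength`, `find_cipher` and `dh_estimate` are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
/* SP 800-57 Part 1, Table 2: security strength -> FFC (DH) modulus size.
 * A strength between two rows rounds up to the next row. */
static int dh_size_for_strength(int strength_bits)
{
    if (strength_bits <= 80)  return 1024;
    if (strength_bits <= 112) return 2048;
    if (strength_bits <= 128) return 3072;
    if (strength_bits <= 192) return 7680;
    return 15360;
}

/* Constructed table: key material as configured vs. strength credited by
 * SP 800-57. 3TDEA: 168 key bits stored in 192 (parity), 112-bit strength. */
struct cipher_info { const char *name; int key_bits; int security_bits; };
static const struct cipher_info ciphers[] = {
    { "3des-cbc",   192, 112 },
    { "aes128-ctr", 128, 128 },
    { "aes256-ctr", 256, 256 },
};

static const struct cipher_info *find_cipher(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof(ciphers) / sizeof(ciphers[0]); i++)
        if (strcmp(ciphers[i].name, name) == 0)
            return &ciphers[i];
    return NULL;
}

/* by_strength == 0: size from key length (what the post says OpenSSH does);
 * by_strength != 0: size from security strength (the proposed fix). -1 if unknown. */
int dh_estimate(const char *name, int by_strength)
{
    const struct cipher_info *c = find_cipher(name);
    if (c == NULL)
        return -1;
    return dh_size_for_strength(by_strength ? c->security_bits : c->key_bits);
}

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof(ciphers) / sizeof(ciphers[0]); i++)
        printf("%-10s key=%3d strength=%3d  DH(key)=%5d  DH(strength)=%5d\n",
               ciphers[i].name, ciphers[i].key_bits, ciphers[i].security_bits,
               dh_estimate(ciphers[i].name, 0), dh_estimate(ciphers[i].name, 1));
    return 0;
}
```

For 3des-cbc the key-length rule yields 7680 and the strength rule 2048, the two figures the post contrasts; for the AES entries both rules agree.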
