Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Dr. Stephen Henson <steve-MCmKBN63+BlAfugRpC6u6w <at> public.gmane.org>
Subject: Re: Size of ephemeral DH keys
Newsgroups: gmane.comp.encryption.openssl.user
Date: Tuesday 14th August 2012 22:24:22 UTC (over 4 years ago)
On Tue, Aug 14, 2012, [email protected]
wrote:

> Is there a correlation between the strength (size) of the asymmetric
keys
> used to do the authentication and the strength (size) of the ephemeral DH
> keys generated/used to protect the session key (during the key exchange)?
> 
> On first glance, in s3_srvr.c, it seems like the tmp_dh_callback()
function
> is only ever passed keylength == [512, 1024] - the result of the
> SSL_C_EXPORT_PKEYLENGTH() macro.  And a DH key of length 1024-bits is
> roughly equivalent to a 80-bit symmetric key.  It seems strange that it
> would be using a 80-bit key to protect the exchange of a 128- or 256-bit
> symmetric session key.
> 
> I'm probably missing something in the OpenSSL implementation.  The
> documentation for SSL_CTX_set_tmp_dh_callback() says that the
> "tmp_dh_callback is called with the keylength needed..."  But surely
this
> can't be only 512 or 1024...?  Is it up to the application to decide to
use
> a larger key size based on the information from the SSL structure passed
in?
> 

The actual key length is only meaningful if the "is_export" parameter is
non-zero. This a legacy from the days when there were export restrictions
on
strong crypto.

If is_export is zero you are free to use whatever parameter length you
consider appopriate but there is no guarantee the peer will support very
large
values. 

It is more common practice to use a fixed set of DH parameters through the
SSL_CTX_set_tmp_dh API instead of using the callback.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                   
[email protected]
Automated List Manager                          
[email protected]
 
CD: 3ms