Re: [TLS] Short Ephemeral Diffie-Hellman keys



Hello Nelson,

On Mon, 14 May 2007 20:46:58 +0200, Nelson B Bolyard <nelson at bolyard.com> wrote:

> Yngve N. Pettersen (Developer Opera Software ASA) wrote:
>> Hello all,
>>
>> I have recently started to see an increasing number of reports about
>> SSL/TLS servers using short Ephemeral Diffie-Hellman keys, in some cases
>> very short ones.
>>
>> Opera's SSL/TLS client will display warnings to users if the server is
>> using RSA/DH/DSA keys shorter than (currently) 900 bits.
>
> Do you mean the length of the public value? or the length of the prime P?
>
> Do you really wish to disallow public values that are low numeric values
> even when the prime P is adequately large?

The key size used by Opera for DH keys is calculated using OpenSSL's DH_size function, which returns the number of bytes in the "P" element of the DH (dh_st) structure; that value is then multiplied by 8 (so the real size may be up to 7 bits lower than stated; it should probably use a lower-level call). Background: EVP_PKEY_bits does not return anything about DH keys, which is why DH_size is used.



--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve at opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
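A worked illustration of the discrepancy Yngve describes (an added example, not code from this thread, from Opera, or from OpenSSL): the DH_size-style byte-length computation beside an exact bit count of the big-endian prime, which is what a lower-level call such as OpenSSL's BN_num_bits reports. The sample moduli are constructed length stand-ins rather than real primes, and the 900-bit threshold is the one quoted in the thread; an 897-bit modulus passes the byte-based check but fails the exact one.

```c
#include <stddef.h>
#include <stdio.h>

/* What DH_size(dh) * 8 yields: the byte length of P times 8.
   This can overstate the true modulus size by up to 7 bits. */
static int dh_size_style_bits(const unsigned char *p, size_t len)
{
    return (int)(len * 8);
}

/* Exact bit length of a big-endian integer (the BN_num_bits-style answer):
   skip leading zero bytes, then count the bits of the most significant
   non-zero byte. Returns 0 for an all-zero buffer. */
static int exact_bits(const unsigned char *p, size_t len)
{
    size_t i = 0;
    while (i < len && p[i] == 0)
        i++;
    if (i == len)
        return 0;
    int bits = (int)((len - i - 1) * 8);
    unsigned char top = p[i];
    while (top) {
        bits++;
        top >>= 1;
    }
    return bits;
}

/* Minimum-size check as a client would apply it, using the exact length
   rather than the byte length. */
static int dh_prime_meets_minimum(const unsigned char *p, size_t len, int min_bits)
{
    return exact_bits(p, len) >= min_bits;
}

/* Constructed samples (length stand-ins, not real primes):
   113 bytes with top byte 0x01 -> 897 bits; DH_size would report 904.
   128 bytes with top byte 0xC0 -> 1024 bits; both methods agree. */
static const unsigned char sample_897_p[113] = { 0x01 };
static const unsigned char sample_1024_p[128] = { 0xC0 };

int main(void)
{
    printf("897-bit sample: DH_size-style %d bits, exact %d bits, passes 900: %d\n",
           dh_size_style_bits(sample_897_p, sizeof sample_897_p),
           exact_bits(sample_897_p, sizeof sample_897_p),
           dh_prime_meets_minimum(sample_897_p, sizeof sample_897_p, 900));
    return 0;
}
```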

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.