Closed
Bug 918231
Opened 12 years ago
Closed 2 years ago
key size and secret key size both are 168 for SSL_RSA_WITH_3DES_EDE_CBC_SHA :000A
Categories
(NSS :: Libraries, defect, P5)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: u238590, Unassigned)
Details
Attachments
(2 files, 1 obsolete file)
Attachment: 813 bytes, text/plain
Attachment: 1.32 KB, patch
I found that "key size" and "secret key size" both are 168 for SSL_RSA_WITH_3DES_EDE_CBC_SHA i.e. :000A. I am expecting "effective key size" to be "112" not "168".
I have used vfyserv utility to test this. It is using NSS API SSL_SecurityStatus.
https://developer.mozilla.org/en-US/docs/NSS/SSL_functions/sslfnc.html#1092805
I tested with two ciphers; both have the same value for key size and secret key size:
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
bulk cipher 3DES-EDE-CBC, 168 secret key bits, 168 key bits, status: 1
Expected values:

For the AES and RC4 ciphers given below, both of these will be the same.

cipher                                   SYMMETRIC KEY SIZE   EFFECTIVE SYMMETRIC KEY SIZE
SSL_RSA_WITH_RC4_128_MD5                 128                  128
SSL_RSA_WITH_RC4_128_SHA                 128                  128
TLS_RSA_WITH_AES_128_CBC_SHA             128                  128
TLS_RSA_WITH_AES_256_CBC_SHA             256                  256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       256                  256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       128                  128
TLS_ECDHE_RSA_WITH_RC4_128_SHA           128                  128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     256                  256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     128                  128
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         128                  128

But for these 3DES ciphers I am expecting it to be "112", not "168":

SSL_RSA_WITH_3DES_EDE_CBC_SHA            168                  112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      168                  112
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    168                  112
----------------
See http://en.wikipedia.org/wiki/Triple_DES#Security
Triple DES has a 168 bit key size but only a 112 bit effective key size.
For RC4 and AES algorithms, the actual and effective symmetric key sizes are the same.
-----------------
Comment 1•12 years ago
I think the effective symmetric key size probably only applies to the EXPORT
cipher suites, whose keys are artificially weakened. Bob, do you know?
Julien gave me this link:
"The "effective key size" we need is also called strength, from NIST SP800-57 .
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
See section 5.6.1 , table 2."
Updated•12 years ago
Attachment #807096 -
Attachment mime type: application/octet-stream → text/plain
Comment 3•12 years ago
Bob: do you think it is OK to make this change? This patch changes the
|secretKeySize| output of SSL_SecurityStatus from 168 bits to 112 bits.
Meena: as I noted in comment 1, the raw value for the |secretKeySize| output
of SSL_SecurityStatus differs from the raw value for the |keySize| output
only for the EXPORT cipher suites. It seems bad to modify the value returned
in the |secretKeySize| output for Triple DES cipher suites because they are
not EXPORT cipher suites.
However, I found that SSL_SecurityStatus already modifies the values returned
in the |keySize| and |secretKeySize| outputs for DES and Triple DES cipher
suites (to ignore the parity bits in DES keys).
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslauth.c&rev=1.20&mark=58,63,97,105-106,109-110#57
So it may be OK to modify the |secretKeySize| output further for Triple
DES cipher suites.
Attachment #817585 -
Flags: review?(rrelyea)
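To make the two adjustments discussed in this thread concrete, here is an added illustration in C. It is not NSS code and not the attached patch: the enum, struct and function names are this example's own. It models the two steps the comments describe for the values SSL_SecurityStatus reports: first the parity-bit stripping that NSS already applies to DES-family keys (8 bytes of DES keying material carry 56 key bits, 24 bytes of 3DES keying material carry 168), then the proposed further reduction of |secretKeySize| for Triple DES from 168 to 112, the strength figure cited from the Wikipedia and SP 800-57 references (two independent 56-bit keys' worth of work, because of the meet-in-the-middle attack on the three-key construction). Comment 4 says the patch multiplies and then divides; the exact expression `(bits * 2) / 3` is an assumption made here so that integer arithmetic does not truncate.

```c
#include <stdio.h>

/* Bulk ciphers named on this bug page. These enum values are the
 * example's own and do not correspond to NSS's SSLCipherAlgorithm. */
typedef enum {
    BULK_RC4_128,
    BULK_DES,
    BULK_3DES_EDE,
    BULK_AES_128,
    BULK_AES_256
} BulkCipher;

typedef struct {
    BulkCipher cipher;
    const char *name;
    int keyBytes;          /* bytes of keying material the cipher consumes */
    int parityBitsPerByte; /* 1 for DES-family keys (one parity bit per byte), 0 otherwise */
} BulkCipherInfo;

/* Constructed table for the example (sizes per the cipher definitions). */
static const BulkCipherInfo kCiphers[] = {
    { BULK_RC4_128,  "RC4-128",      16, 0 },
    { BULK_DES,      "DES-CBC",       8, 1 },
    { BULK_3DES_EDE, "3DES-EDE-CBC", 24, 1 },
    { BULK_AES_128,  "AES-128-CBC",  16, 0 },
    { BULK_AES_256,  "AES-256-CBC",  32, 0 },
};

static const BulkCipherInfo *lookup_cipher(BulkCipher c)
{
    size_t i;
    for (i = 0; i < sizeof kCiphers / sizeof kCiphers[0]; i++) {
        if (kCiphers[i].cipher == c)
            return &kCiphers[i];
    }
    return NULL;
}

/* |keySize| as comment 3 says SSL_SecurityStatus already reports it:
 * raw key bits with the DES parity bits ignored (64 -> 56, 192 -> 168). */
int key_size_bits(BulkCipher c)
{
    const BulkCipherInfo *info = lookup_cipher(c);
    if (info == NULL)
        return -1;
    return info->keyBytes * (8 - info->parityBitsPerByte);
}

/* |secretKeySize| after the change proposed in this bug: the same as
 * key_size_bits for every cipher here except Triple DES, whose 168
 * keying bits are reported as the 112-bit strength figure. */
int secret_key_size_bits(BulkCipher c)
{
    int bits = key_size_bits(c);
    if (bits < 0)
        return -1;
    if (c == BULK_3DES_EDE) {
        /* Multiply first, then divide (order per comment 4; the
         * exact expression is this example's assumption): 168*2/3 = 112. */
        return (bits * 2) / 3;
    }
    return bits;
}

int main(void)
{
    size_t i;
    /* Mirrors the vfyserv output format quoted in the report. */
    for (i = 0; i < sizeof kCiphers / sizeof kCiphers[0]; i++) {
        BulkCipher c = kCiphers[i].cipher;
        printf("bulk cipher %s, %d secret key bits, %d key bits\n",
               kCiphers[i].name, secret_key_size_bits(c), key_size_bits(c));
    }
    return 0;
}
```

The point the table makes visible is the one comment 3 raises: the parity adjustment and the strength adjustment are different kinds of correction. The first is purely structural (those bits are never key material), while the second encodes a cryptanalytic judgement, which is why a consumer of SSL_SecurityStatus should not assume |secretKeySize| differs from |keySize| only for EXPORT suites.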
Comment 4•12 years ago
I made a minor change to the patch (to multiply and then divide).
Attachment #817585 -
Attachment is obsolete: true
Attachment #817585 -
Flags: review?(rrelyea)
Attachment #817586 -
Flags: review?(rrelyea)
Updated•12 years ago
OS: Linux → All
Hardware: x86 → All
Updated•3 years ago
Severity: normal → S3
Updated•2 years ago
Status: NEW → RESOLVED
Closed: 2 years ago
Priority: -- → P5
Resolution: --- → WONTFIX