Closed
Bug 918231
Opened 11 years ago
Closed 6 months ago
key size and secret key size both are 168 for SSL_RSA_WITH_3DES_EDE_CBC_SHA :000A
Categories
(NSS :: Libraries, defect, P5)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: u238590, Unassigned)
Details
Attachments
(2 files, 1 obsolete file)
813 bytes, text/plain
1.32 KB, patch
I found that "key size" and "secret key size" are both 168 for SSL_RSA_WITH_3DES_EDE_CBC_SHA, i.e. :000A. I am expecting "effective key size" to be "112", not "168". I have used the vfyserv utility to test this. It is using the NSS API SSL_SecurityStatus: https://developer.mozilla.org/en-US/docs/NSS/SSL_functions/sslfnc.html#1092805

I tested with two ciphers; both have the same value for key size and secret key size:

bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1
bulk cipher 3DES-EDE-CBC, 168 secret key bits, 168 key bits, status: 1

Expected values (for the AES and RC4 ciphers given below, both of these will be the same):

cipher                                   SYMMETRIC KEY SIZE   EFFECTIVE SYMMETRIC KEY SIZE
SSL_RSA_WITH_RC4_128_MD5                 128                  128
SSL_RSA_WITH_RC4_128_SHA                 128                  128
TLS_RSA_WITH_AES_128_CBC_SHA             128                  128
TLS_RSA_WITH_AES_256_CBC_SHA             256                  256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       256                  256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       128                  128
TLS_ECDHE_RSA_WITH_RC4_128_SHA           128                  128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     256                  256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     128                  128
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         128                  128

But for these 3DES ciphers I am expecting it to be "112", not "168":

SSL_RSA_WITH_3DES_EDE_CBC_SHA            168                  112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      168                  112
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    168                  112

----------------
See http://en.wikipedia.org/wiki/Triple_DES#Security
Triple DES has a 168 bit key size but only a 112 bit effective key size. For RC4 and AES algorithms, the actual and effective symmetric key sizes are the same.
----------------
Comment 1 • 11 years ago
I think the effective symmetric key size probably only applies to the EXPORT cipher suites, whose keys are artificially weakened. Bob, do you know?
Julien gave me this link : "The "effective key size" we need is also called strength, from NIST SP800-57 . http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf See section 5.6.1 , table 2."
Updated • 11 years ago
Attachment #807096 -
Attachment mime type: application/octet-stream → text/plain
Comment 3 • 11 years ago
Bob: do you think it is OK to make this change? This patch changes the |secretKeySize| output of SSL_SecurityStatus from 168 bits to 112 bits.

Meena: as I noted in comment 1, the raw value for the |secretKeySize| output of SSL_SecurityStatus differs from the raw value for the |keySize| output only for the EXPORT cipher suites. It seems bad to modify the value returned in the |secretKeySize| output for Triple DES cipher suites because they are not EXPORT cipher suites.

However, I found that SSL_SecurityStatus already modifies the values returned in the |keySize| and |secretKeySize| outputs for DES and Triple DES cipher suites (to ignore the parity bits in DES keys):
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslauth.c&rev=1.20&mark=58,63,97,105-106,109-110#57

So it may be OK to modify the |secretKeySize| output further for Triple DES cipher suites.
Attachment #817585 -
Flags: review?(rrelyea)
Comment 4 • 11 years ago
I made a minor change to the patch (to multiply and then divide).
Attachment #817585 -
Attachment is obsolete: true
Attachment #817585 -
Flags: review?(rrelyea)
Attachment #817586 -
Flags: review?(rrelyea)
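As an added illustration (hypothetical code, not NSS's sslauth.c and not the attached patch), this models the two adjustments the comments describe: DES-family key sizes are reported with the parity bits removed, and the proposed change additionally reports Triple DES's 112-bit effective strength. The 2/3 factor, computed with the multiply done before the divide as comment 4 mentions, is my reading of the patch, which is not shown here; the suite list is constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the key sizes SSL_SecurityStatus reports. */
typedef struct {
    const char *suite;    /* cipher suite name as listed in the report */
    const char *bulk;     /* bulk cipher: "RC4", "AES", "DES" or "3DES" */
    int raw_key_bits;     /* key material bits, parity bits included for DES */
} suite_t;

typedef struct {
    int key_bits;         /* keySize output: parity bits removed */
    int secret_key_bits;  /* secretKeySize output: effective strength */
} key_report_t;

/* DES keys carry one parity bit per byte: 64 -> 56, 192 -> 168. */
static int strip_des_parity(int raw_bits) { return raw_bits * 7 / 8; }

key_report_t report_key_sizes(const suite_t *s)
{
    key_report_t r;
    int des_family = strcmp(s->bulk, "DES") == 0 || strcmp(s->bulk, "3DES") == 0;
    r.key_bits = des_family ? strip_des_parity(s->raw_key_bits) : s->raw_key_bits;
    r.secret_key_bits = r.key_bits;
    /* Triple DES: meet-in-the-middle leaves 112 bits of strength for a
     * 168-bit key (NIST SP 800-57, table 2). Multiply before dividing so
     * the integer result is exact: 168 * 2 / 3 = 112. (Assumed factor.) */
    if (strcmp(s->bulk, "3DES") == 0)
        r.secret_key_bits = r.key_bits * 2 / 3;
    return r;
}

int main(void)
{
    /* Constructed sample input covering suites named in the report. */
    const suite_t suites[] = {
        { "SSL_RSA_WITH_RC4_128_SHA",              "RC4",  128 },
        { "TLS_RSA_WITH_AES_256_CBC_SHA",          "AES",  256 },
        { "SSL_RSA_WITH_3DES_EDE_CBC_SHA",         "3DES", 192 },
        { "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "3DES", 192 },
    };
    size_t i;
    for (i = 0; i < sizeof suites / sizeof suites[0]; i++) {
        key_report_t r = report_key_sizes(&suites[i]);
        printf("%-40s %3d key bits, %3d secret key bits\n",
               suites[i].suite, r.key_bits, r.secret_key_bits);
    }
    return 0;
}
```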
Updated • 11 years ago
OS: Linux → All
Hardware: x86 → All
Updated • 2 years ago
Severity: normal → S3
Updated • 6 months ago
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → WONTFIX