Re: Why is the default DH keysize only 512 bits?

2006-09-28 Thread Alan DeKok
Jason Wittlin-Cohen <[EMAIL PROTECTED]> wrote:
> I noticed that the default DH keysize in FreeRadius 1.1.3 is 512 bits.

  If you're talking about the key length in the EAP-TLS module, it
looks like those aren't being used for anything.  See the source.

  It does look like the EAP-TLS code is setting a 512-bit ephemeral
RSA key, but my reading of the OpenSSL docs indicates it won't be
used, because SSL_OP_EPHEMERAL_RSA isn't being set.  So that code
could be deleted entirely.

> I originally thought that the DH
> keysize would be determined by the DH parameter file and only realized
> that it was still using 512-bit keys when I ran freeradius in debug
> mode.

  Which prints out configuration entries that aren't being used.

$ cd src/modules/rlm_eap
$ grep -r key_length .
./libeap/mppe_keys.c:	PRF(s->session->master_key, s->session->master_key_length,
./libeap/mppe_keys.c:	PRF(s->session->master_key, s->session->master_key_length,
./types/rlm_eap_tls/rlm_eap_tls.c:	{ "rsa_key_length", PW_TYPE_INTEGER,
./types/rlm_eap_tls/rlm_eap_tls.c:	  offsetof(EAP_TLS_CONF, rsa_key_length), NULL, "512" },
./types/rlm_eap_tls/rlm_eap_tls.c:	{ "dh_key_length", PW_TYPE_INTEGER,
./types/rlm_eap_tls/rlm_eap_tls.c:	  offsetof(EAP_TLS_CONF, dh_key_length), NULL, "512" },
./types/rlm_eap_tls/rlm_eap_tls.h:	int		rsa_key_length;
./types/rlm_eap_tls/rlm_eap_tls.h:	int		dh_key_length;

  See?  They're config options that aren't used.  They should be deleted.

> Also, it might be a good idea to put a comment in the TLS cipher suite
> comment section that the Microsoft Windows supplicant in Windows XP SP2
> uses RC4-MD5 by default (TLS_RSA_WITH_RC4_128_MD5).

  OK... the "cipher_list" configuration entry can be edited to force
particular methods, if you so desire.

> OpenSSL's 'HIGH' setting is probably the best for a Windows XP user
> as it uses EDH-RSA-DES-CBC3-SHA (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),
> so SHA1 is used for integrity, and DH is used for key exchange.

  OK.  That's good to note in the comments.

> Windows XP SP2 and earlier versions of Windows do not support AES
> for use in any of the EAP modes. Apparently, if you want to use AES
> you need to upgrade to Vista (See Security in Vista

  OK...

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Why is the default DH keysize only 512 bits?

2006-09-29 Thread Jason Wittlin-Cohen
Alan DeKok wrote:
> Jason Wittlin-Cohen <[EMAIL PROTECTED]> wrote:
> > I noticed that the default DH keysize in FreeRadius 1.1.3 is 512 bits.
>
>   If you're talking about the key length in the EAP-TLS module, it
> looks like those aren't being used for anything.  See the source.
>
>   It does look like the EAP-TLS code is setting a 512-bit ephemeral
> RSA key, but my reading of the OpenSSL docs indicates it won't be
> used, because SSL_OP_EPHEMERAL_RSA isn't being set.  So that code
> could be deleted entirely.
>
> > I originally thought that the DH
> > keysize would be determined by the DH parameter file and only realized
> > that it was still using 512-bit keys when I ran freeradius in debug
> > mode.
>
>   Which prints out configuration entries that aren't being used.
>
> $ cd src/modules/rlm_eap
> $ grep -r key_length .
> ./libeap/mppe_keys.c:	PRF(s->session->master_key, s->session->master_key_length,
> ./libeap/mppe_keys.c:	PRF(s->session->master_key, s->session->master_key_length,
> ./types/rlm_eap_tls/rlm_eap_tls.c:	{ "rsa_key_length", PW_TYPE_INTEGER,
> ./types/rlm_eap_tls/rlm_eap_tls.c:	  offsetof(EAP_TLS_CONF, rsa_key_length), NULL, "512" },
> ./types/rlm_eap_tls/rlm_eap_tls.c:	{ "dh_key_length", PW_TYPE_INTEGER,
> ./types/rlm_eap_tls/rlm_eap_tls.c:	  offsetof(EAP_TLS_CONF, dh_key_length), NULL, "512" },
> ./types/rlm_eap_tls/rlm_eap_tls.h:	int		rsa_key_length;
> ./types/rlm_eap_tls/rlm_eap_tls.h:	int		dh_key_length;
>
>   See?  They're config options that aren't used.  They should be deleted.

So, if dh_key_length is being ignored, how is the DH key size
determined? By the DH parameter file?

Jason


Re: Why is the default DH keysize only 512 bits?

2006-09-29 Thread Alan DeKok
Jason Wittlin-Cohen <[EMAIL PROTECTED]> wrote:
> So, if dh_key_length is being ignored, how is the DH key size
> determined? By the DH parameter file?

  Apparently.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog