Re: Key lengths for algorithms for variable-length keys

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: Key lengths for algorithms for variable-length keys
From: Chris Lonvick <clonvick%cisco.com@localhost>
Date: Tue, 8 Mar 2005 11:59:05 -0800 (PST)

Hi,

On Thu, 3 Mar 2005, [iso-8859-1] Niels Möller wrote:

> Ben Harris <bjh21%bjh21.me.uk@localhost> writes:
>
> > transport-23, in section 7.2, says:
> >
> >     128 bits (16 bytes) MUST be used for algorithms with variable-length
> >     keys.  The only variable key length algorithm defined in this
> >     document is arcfour).
>
> I agree this is awkward. I'd suggest the paragraph is cut down from
>
>    Key data MUST be taken from the beginning of the hash output.  128
>    bits (16 bytes) MUST be used for algorithms with variable-length
>    keys.  The only variable key length algorithm defined in this
>    document is arcfour).  For other algorithms, as many bytes as are
>    needed are taken from the beginning of the hash value. [...]
>
> to
>
>    Key data MUST be taken from the beginning of the hash output.  As
>    many bytes as are needed are taken from the beginning of the hash
>    value. [...]

I'll make these changes unless I hear objections.

>
> For key length, we already have the general recommendation "All ciphers
> SHOULD use keys with an effective key length of 128 bits or more." in
> 6.3. For arcfour in particular, it may be a little confusing that it's
> named "arcfour" rather than "arcfour-128", but the description
>
>    The "arcfour" is the Arcfour stream cipher with 128 bit keys.
>
> makes it clear which key length is used. (Small nit: "cipher" should be
> inserted like
>
>    The "arcfour" cipher is the Arcfour stream cipher with 128 bit keys.

OK.

>
> )
>
> For improved clarity, one could also add the arcfour keylength to the
> table. Before:
>
>      ...
>      serpent128-cbc   OPTIONAL          Serpent with 128-bit key
>      arcfour          OPTIONAL          the ARCFOUR stream cipher
>      idea-cbc         OPTIONAL          IDEA in CBC mode
>      ...
>
> After:
>
>      ...
>      serpent128-cbc   OPTIONAL          Serpent with 128-bit key
>      arcfour          OPTIONAL          the ARCFOUR stream cipher
>                                         with 128 bit key
>      idea-cbc         OPTIONAL          IDEA in CBC mode
>      ...

OK.

I also see that about half of the occurances of bit lengths are of the
form "nnn-bit" and the other half are of the form "nnn bit".  All of the
occurances of byte lengths are of the format of "mmm bytes".  Unless I
hear objections, I'm going to change these to be "nnn bit" and clean up
the syntax a bit.  As in the above, it will be:

Formerly:
      serpent128-cbc   OPTIONAL          Serpent with 128-bit key

Proposed:
      serpent128-cbc   OPTIONAL          Serpent with a 128 bit key


>
> > If this stipulation is meant to apply to all future algorithms, it
> > seems like a particularly bad idea.  Is it intended to prevent me
> > defining "arcfour-256%bjh21.me.uk@localhost" to be RC4 with a 256-bit key, for
> > instance?  If not, what does it do?
>
> I agree this doesn't make sense.

Does anything further need to be edited or clarified if the above changes
are made?

Thanks,
Chris

Follow-Ups:
- Re: Key lengths for algorithms for variable-length keys
  - From: Ben Harris

References:
- Key lengths for algorithms for variable-length keys
  - From: Ben Harris
- Re: Key lengths for algorithms for variable-length keys
  - From: Niels Möller

Prev by Date: UTF8 username/password issue summary
Next by Date: MP3 audio streaming for IETF 62
Previous by Thread: Re: Key lengths for algorithms for variable-length keys
Next by Thread: Re: Key lengths for algorithms for variable-length keys
Indexes:

Home | Main Index | Thread Index | Old Index