IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Key lengths for algorithms for variable-length keys



In article <Pine.HPX.4.58.0503081150460.5475%edison.cisco.com@localhost> you write:
>>    Key data MUST be taken from the beginning of the hash output.  As
>>    many bytes as are needed are taken from the beginning of the hash
>>    value. [...]
>
>I'll make these changes unless I hear objections.

Sounds good to me.

>I also see that about half of the occurances of bit lengths are of the
>form "nnn-bit" and the other half are of the form "nnn bit".  All of the
>occurances of byte lengths are of the format of "mmm bytes".  Unless I
>hear objections, I'm going to change these to be "nnn bit" and clean up
>the syntax a bit.

I don't really care, but: If you want an adjective, you should write
"128-bit"; if you want a noun, write "128 bits".  On this basis, the errors
I can find are:

   one initialization vector).  This is a block cipher with 8 byte
(should be "8-byte")
   The "blowfish-cbc" cipher is Blowfish in CBC mode, with 128 bit keys
(should be "128-bit")
   [SCHNEIER].  This is a block cipher with 8 byte blocks.
(should be "8-byte")
   The "twofish-cbc" or "twofish256-cbc" cipher is Twofish in CBC mode,
   with 256 bit keys as described [TWOFISH].  This is a block cipher
(should be "256-bit")
   with 16 byte blocks.
(should be ("16-byte")
   The "arcfour" is the Arcfour stream cipher with 128 bit keys.  The
(should be "128-bit")
   The value for 'dss_signature_blob' is encoded as a string containing
   r followed by s (which are 160 bits long integers, without lengths or
(should be "160-bit-long integers" or "160-bit integers")
   The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key
   exchange with SHA-1 as HASH, and Oakley Group 2 [RFC2409] (1024bit
(should be "1024-bit")
   The "diffie-hellman-group14-sha1" method specifies Diffie-Hellman key
   exchange with SHA-1 as HASH, and Oakley Group 14 [RFC3526] (2048bit
(should be "2048-bit")

in [SSH-ARCH]:
   Because MACs use a 32 bit sequence number, they might start to leak
(should be "32-bit")

>> > If this stipulation is meant to apply to all future algorithms, it
>> > seems like a particularly bad idea.  Is it intended to prevent me
>> > defining "arcfour-256%bjh21.me.uk@localhost" to be RC4 with a 256-bit key, for
>> > instance?  If not, what does it do?
>>
>> I agree this doesn't make sense.
>
>Does anything further need to be edited or clarified if the above changes
>are made?

No.

-- 
Ben Harris



Home | Main Index | Thread Index | Old Index