RE: iSCSI: nits on SRP text key lengths
Paul Koning <ni1d@arrl.net> Wed, 10 April 2002 21:18 UTC
Return-Path: <owner-ips@ece.cmu.edu>
X-Sieve: cmu-sieve 2.0
Return-Path: <owner-ips@ece.cmu.edu>
Received: (from majordom@localhost) by ece.cmu.edu (8.11.0/8.10.2) id g3ALIQG06107 for ips-outgoing; Wed, 10 Apr 2002 17:18:26 -0400 (EDT)
X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f
Received: from cygnus.equallogic.com (cygnus.equallogic.com [65.170.102.10]) by ece.cmu.edu (8.11.0/8.10.2) with SMTP id g3ALIOw06103 for <ips@ece.cmu.edu>; Wed, 10 Apr 2002 17:18:24 -0400 (EDT)
Received: from cygnus.equallogic.com (localhost.localdomain [127.0.0.1]) by cygnus.equallogic.com (8.11.6/8.11.6) with ESMTP id g3ALIIM04563 for <ips@ece.cmu.edu>; Wed, 10 Apr 2002 17:18:18 -0400
Received: from deneb.dev.equallogic.com (deneb.dev.equallogic.com [172.16.1.99]) by cygnus.equallogic.com (8.11.6/8.11.6) with ESMTP id g3ALIIX04554; Wed, 10 Apr 2002 17:18:18 -0400
Received: from pkoning.dev.equallogic.com.equallogic.com (localhost.localdomain [127.0.0.1]) by deneb.dev.equallogic.com (8.11.6/8.11.6) with SMTP id g3ALIIF14434; Wed, 10 Apr 2002 17:18:18 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <15540.44057.686580.948393@pkoning.dev.equallogic.com>
Date: Wed, 10 Apr 2002 17:18:17 -0400
From: Paul Koning <ni1d@arrl.net>
To: Black_David@emc.com
Cc: ips@ece.cmu.edu
Subject: RE: iSCSI: nits on SRP text key lengths
References: <277DD60FB639D511AC0400B0D068B71E02937754@CORPMX14>
X-Mailer: VM 7.01 under 21.1 (patch 11) "Carlsbad Caverns" XEmacs Lucid
Sender: owner-ips@ece.cmu.edu
Precedence: bulk
>>>>> "Black" == Black David <Black_David@emc.com> writes: Black> Careful - these keys have to be sent as text, not raw binary. Black> If a hex encoding is used, one gets 4 bits to the byte rather Black> than 8, so the current max would be 4096 bits. Yes, but the draft talks about the length limits for the binary data, NOT the length limit for the encoding. Black> Also the discussion of symmetric and asymmetric key lengths in Black> draft-orman-public-key-lengths-05.txt suggests that that a Black> 4096 bit limit might be prudent to give us some breathing room Black> going into the future (and one could use that draft to argue Black> for a significantly larger limit, but I won't). I recommend Black> reading the entire draft (it'll be out as an RFC soon), as Black> it's very tempting to oversimplify this sort of key length Black> discussion, which has some subtleties. For example, one might Black> think that if a 128 AES key were used with IPsec, an Black> equivalent strength IKE group (larger than 2048 bits) would be Black> needed, but that is *not* necessarily the case. Perhaps. But given that SRP and DH-CHAP both deal with passwords (because after all the argument against CHAP relates to dictionary attacks), the question becomes: how big a field modulus makes sense for protecting passwords? Given the entropy of passwords, I find it hard to justify a group larger than 768 bits, never mind one that goes into several thousand bits. The analogy with AES doesn't really apply because AES is far stronger than any plausible password scheme. paul
- RE: iSCSI: nits on SRP text key lengths Black_David
- iSCSI: nits on SRP text key lengths Paul Koning
- RE: iSCSI: nits on SRP text key lengths Paul Koning
- Re: iSCSI: nits on SRP text key lengths Julian Satran
- Re: iSCSI: nits on SRP text key lengths Paul Koning
- Re: iSCSI: nits on SRP text key lengths Julian Satran