IETF Logo Mail Archive

RE: iSCSI: nits on SRP text key lengths

Paul Koning <ni1d@arrl.net> Wed, 10 April 2002 21:18 UTC

Return-Path: <owner-ips@ece.cmu.edu>
X-Sieve: cmu-sieve 2.0
Return-Path: <owner-ips@ece.cmu.edu>
Received: (from majordom@localhost) by ece.cmu.edu (8.11.0/8.10.2) id g3ALIQG06107 for ips-outgoing; Wed, 10 Apr 2002 17:18:26 -0400 (EDT)
X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f
Received: from cygnus.equallogic.com (cygnus.equallogic.com [65.170.102.10]) by ece.cmu.edu (8.11.0/8.10.2) with SMTP id g3ALIOw06103 for <ips@ece.cmu.edu>; Wed, 10 Apr 2002 17:18:24 -0400 (EDT)
Received: from cygnus.equallogic.com (localhost.localdomain [127.0.0.1]) by cygnus.equallogic.com (8.11.6/8.11.6) with ESMTP id g3ALIIM04563 for <ips@ece.cmu.edu>; Wed, 10 Apr 2002 17:18:18 -0400
Received: from deneb.dev.equallogic.com (deneb.dev.equallogic.com [172.16.1.99]) by cygnus.equallogic.com (8.11.6/8.11.6) with ESMTP id g3ALIIX04554; Wed, 10 Apr 2002 17:18:18 -0400
Received: from pkoning.dev.equallogic.com.equallogic.com (localhost.localdomain [127.0.0.1]) by deneb.dev.equallogic.com (8.11.6/8.11.6) with SMTP id g3ALIIF14434; Wed, 10 Apr 2002 17:18:18 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <15540.44057.686580.948393@pkoning.dev.equallogic.com>
Date: Wed, 10 Apr 2002 17:18:17 -0400
From: Paul Koning <ni1d@arrl.net>
To: Black_David@emc.com
Cc: ips@ece.cmu.edu
Subject: RE: iSCSI: nits on SRP text key lengths
References: <277DD60FB639D511AC0400B0D068B71E02937754@CORPMX14>
X-Mailer: VM 7.01 under 21.1 (patch 11) "Carlsbad Caverns" XEmacs Lucid
Sender: owner-ips@ece.cmu.edu
Precedence: bulk

>>>>> "Black" == Black David <Black_David@emc.com> writes:

 Black> Careful - these keys have to be sent as text, not raw binary.
 Black> If a hex encoding is used, one gets 4 bits to the byte rather
 Black> than 8, so the current max would be 4096 bits.

Yes, but the draft talks about the length limits for the binary data,
NOT the length limit for the encoding.

 Black> Also the discussion of symmetric and asymmetric key lengths in
 Black> draft-orman-public-key-lengths-05.txt suggests that that a
 Black> 4096 bit limit might be prudent to give us some breathing room
 Black> going into the future (and one could use that draft to argue
 Black> for a significantly larger limit, but I won't).  I recommend
 Black> reading the entire draft (it'll be out as an RFC soon), as
 Black> it's very tempting to oversimplify this sort of key length
 Black> discussion, which has some subtleties.  For example, one might
 Black> think that if a 128 AES key were used with IPsec, an
 Black> equivalent strength IKE group (larger than 2048 bits) would be
 Black> needed, but that is *not* necessarily the case.

Perhaps.  But given that SRP and DH-CHAP both deal with passwords
(because after all the argument against CHAP relates to dictionary
attacks), the question becomes: how big a field modulus makes sense
for protecting passwords?  Given the entropy of passwords, I find it
hard to justify a group larger than 768 bits, never mind one that goes
into several thousand bits.  The analogy with AES doesn't really apply
because AES is far stronger than any plausible password scheme.

	paul

v2.23.0 | Report a Bug | By Email