Why is the default DH keysize only 512 bits?

Alan DeKok aland at deployingradius.com
Fri Sep 29 07:44:23 CEST 2006


Jason Wittlin-Cohen <jasonwc at brandeis.edu> wrote:
> I noticed that the default DH keysize in FreeRadius 1.1.3 is 512 bits.

  If you're talking about the key length in the EAP-TLS module, it
looks like those aren't being used for anything.  See the source.

  It does look like the EAP-TLS code is setting a 512-bit ephemeral
RSA key, but my reading of the OpenSSL docs indicates it won't be
used, because SSL_OP_EPHEMERAL_RSA isn't being set.  So that code
could be deleted entirely.

> I originally thought that the DH
> keysize would be determined by the DH parameter file and only realized
> that it was still using 512 bit keys when I ran freeradius in debug
> mode.

  Which prints out configuration entries that aren't being used.

$ cd src/modules/rlm_eap
$ grep -r key_length .
./libeap/mppe_keys.c:	PRF(s->session->master_key, s->session->master_key_length,
./libeap/mppe_keys.c:	PRF(s->session->master_key, s->session->master_key_length,
./types/rlm_eap_tls/rlm_eap_tls.c:	{ "rsa_key_length", PW_TYPE_INTEGER,
./types/rlm_eap_tls/rlm_eap_tls.c:	  offsetof(EAP_TLS_CONF, rsa_key_length), NULL, "512" },
./types/rlm_eap_tls/rlm_eap_tls.c:	{ "dh_key_length", PW_TYPE_INTEGER,
./types/rlm_eap_tls/rlm_eap_tls.c:	  offsetof(EAP_TLS_CONF, dh_key_length), NULL, "512" },
./types/rlm_eap_tls/rlm_eap_tls.h:	int		rsa_key_length;
./types/rlm_eap_tls/rlm_eap_tls.h:	int		dh_key_length;

  See?  They're config options that aren't used.  They should be deleted.

> Also, it might be a good idea to put a comment in the TLS cipher suite
> comment section that the Microsoft Windows supplicant in Windows XP SP2
> uses RC4-MD5 by default (TLS_RSA_WITH_RC4_128_MD5).

  OK... the "cipher_list" configuration entry can be edited to force
particular methods, if you so desire.

> OpenSSL's 'HIGH' setting is probably the best for a Windows XP user
> as it uses EDH-RSA-DES-CBC3-SHA (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),
> so SHA1 is used for integrity, and DH is used for key exchange.

  OK.  That's good to note in the comments.

> Windows XP SP2 and earlier versions of Windows do not support AES
> for use in any of the EAP modes. Apparently, if you want to use AES
> you need to upgrade to Vista (See Security in Vista

  OK...

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
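Since the thread establishes that the dh_key_length setting is never read, the only thing that decides the group a client is offered is the file named by the EAP-TLS dh_file option, so that file is what has to be checked. The script below is an added example, not FreeRADIUS code and not part of this message: it walks the PKCS#3 DER structure inside a PEM "DH PARAMETERS" block (SEQUENCE { INTEGER p, INTEGER g }) with no third-party library and reports the modulus size. The encoder at the bottom exists only to build constructed sample input; the moduli it is fed are odd numbers of the right bit length, not safe primes, and the 2048-bit floor is an assumed policy, not anything the project mandates.

```python
"""Check the modulus size of a PEM 'DH PARAMETERS' file.

Added example, not FreeRADIUS code. The group FreeRADIUS offers comes
from the file given by the EAP-TLS "dh_file" option, not from the unused
"dh_key_length" setting, so the size must be read out of the file itself.
"""
import base64
import re

MIN_BITS = 2048  # assumed policy floor for this example, not a project default


def _der_len(buf, i):
    """Decode a DER length starting at buf[i]; return (length, next index)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def _der_int(buf, i):
    """Decode a DER INTEGER starting at buf[i]; return (value, next index)."""
    if buf[i] != 0x02:
        raise ValueError("expected INTEGER tag at offset %d" % i)
    length, i = _der_len(buf, i + 1)
    return int.from_bytes(buf[i:i + length], "big", signed=True), i + length


def parse_dh_params(pem):
    """Return (p, g) from the first 'DH PARAMETERS' block in a PEM string."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    if der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    _, i = _der_len(der, 1)          # outer SEQUENCE length, not needed further
    p, i = _der_int(der, i)          # prime modulus
    g, i = _der_int(der, i)          # generator
    return p, g


def dh_modulus_bits(pem):
    """Bit length of the modulus p; this is the group size clients see."""
    return parse_dh_params(pem)[0].bit_length()


def dh_params_acceptable(pem, min_bits=MIN_BITS):
    """True if the file's group is at least min_bits wide."""
    return dh_modulus_bits(pem) >= min_bits


# --- encoder, used only to construct sample input for the check above ---

def _der_len_enc(n):
    if n < 0x80:
        return bytes([n])
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(nb)]) + nb


def _der_int_enc(value):
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:               # keep the INTEGER positive in two's complement
        body = b"\x00" + body
    return b"\x02" + _der_len_enc(len(body)) + body


def make_dh_params_pem(p, g=2):
    """Wrap (p, g) as a PEM 'DH PARAMETERS' block (constructed test data)."""
    body = _der_int_enc(p) + _der_int_enc(g)
    der = b"\x30" + _der_len_enc(len(body)) + body
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) +
            "\n-----END DH PARAMETERS-----\n")


if __name__ == "__main__":
    # Constructed moduli: odd numbers of the stated width, NOT safe primes.
    for label, p in (("512-bit", (1 << 511) | 0x2F), ("2048-bit", (1 << 2047) | 1)):
        pem = make_dh_params_pem(p)
        print(label, dh_modulus_bits(pem), "bits, acceptable:", dh_params_acceptable(pem))
```

Point it at a real file with `parse_dh_params(open(path).read())`; a file generated by `openssl dhparam` carries the same SEQUENCE of two INTEGERs, so the walk applies unchanged. The signed=True decode matters: DER prepends 0x00 to a modulus whose top bit is set, and reading it unsigned would still work, but the signed read is the correct one for the encoding.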
