Re: Key lengths for algorithms for variable-length keys

To: Ben Harris <bjh21%bjh21.me.uk@localhost>
Subject: Re: Key lengths for algorithms for variable-length keys
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 03 Mar 2005 09:09:22 +0100

Ben Harris <bjh21%bjh21.me.uk@localhost> writes:

> transport-23, in section 7.2, says:
> 
>     128 bits (16 bytes) MUST be used for algorithms with variable-length
>     keys.  The only variable key length algorithm defined in this
>     document is arcfour).

I agree this is awkward. I'd suggest the paragraph is cut down from

   Key data MUST be taken from the beginning of the hash output.  128
   bits (16 bytes) MUST be used for algorithms with variable-length
   keys.  The only variable key length algorithm defined in this
   document is arcfour).  For other algorithms, as many bytes as are
   needed are taken from the beginning of the hash value. [...]

to

   Key data MUST be taken from the beginning of the hash output.  As
   many bytes as are needed are taken from the beginning of the hash
   value. [...]

For key length, we already have the general recommendation "All ciphers
SHOULD use keys with an effective key length of 128 bits or more." in
6.3. For arcfour in particular, it may be a little confusing that it's
named "arcfour" rather than "arcfour-128", but the description

   The "arcfour" is the Arcfour stream cipher with 128 bit keys.

makes it clear which key length is used. (Small nit: "cipher" should be
inserted like 

   The "arcfour" cipher is the Arcfour stream cipher with 128 bit keys.

)

For improved clarity, one could also add the arcfour keylength to the
table. Before:

     ...
     serpent128-cbc   OPTIONAL          Serpent with 128-bit key
     arcfour          OPTIONAL          the ARCFOUR stream cipher
     idea-cbc         OPTIONAL          IDEA in CBC mode
     ...

After:

     ...
     serpent128-cbc   OPTIONAL          Serpent with 128-bit key
     arcfour          OPTIONAL          the ARCFOUR stream cipher
                                        with 128 bit key
     idea-cbc         OPTIONAL          IDEA in CBC mode
     ...

> If this stipulation is meant to apply to all future algorithms, it
> seems like a particularly bad idea.  Is it intended to prevent me
> defining "arcfour-256%bjh21.me.uk@localhost" to be RC4 with a 256-bit key, for
> instance?  If not, what does it do?

I agree this doesn't make sense.

Regards,
/Niels

Follow-Ups:
- Re: Key lengths for algorithms for variable-length keys
  - From: Chris Lonvick

References:
- Key lengths for algorithms for variable-length keys
  - From: Ben Harris

Prev by Date: Key lengths for algorithms for variable-length keys
Next by Date: Where to find protocol spec for SCP under SSH-1
Previous by Thread: Key lengths for algorithms for variable-length keys
Next by Thread: Re: Key lengths for algorithms for variable-length keys
Indexes:

Home | Main Index | Thread Index | Old Index