Currently, arctwo-meta.c defines nettle_cipher structs for three key sizes,
nettle_arctwo40 nettle_arctwo64 nettle_arctwo128
I'm thinking that 40 bit and 64 bit keys are way too small, and I hope they aren't mainstream, and then maybe the first two definitions can be deleted.
(Keeping them for backwards compatibility is no big deal, but I'd prefer to only have reasonably secure ciphers on the nettle_ciphers list). The underlying arctwo_set_key function would still support all key sizes specified for arctwo, for applications which really need that.
The arctwo code, including these definitions, was added back in 2004 (a decade ago!), and the header says
/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for * direct use by Libgcrypt by Werner Koch and later adapted for direct * use by Nettle by Simon Josefsson and Niels Möller. * * The implementation here is based on Peter Gutmann's RRC.2 paper and * RFC 2268. */
Does anyone here know what applications or protocols use arctwo, and with which key sizes?
Regards, /Niels
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Aloha!
Niels Möller wrote:
Does anyone here know what applications or protocols use arctwo, and with which key sizes?
There are cipher suites in both SSLv3 and TLS 1.0 that uses RC2 as session cipher. These are part of the EXPORT ciphers with 40 bit keys.
I tried to look at the report cards from SSL Labs to see how many actually includes them in the handshake. Judging by somewhat old stats from Qyalys quite a few servers support RC2 with 40 bit key as well as 128 bit key.
- -- Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning. ======================================================================== Joachim Strömbergson Secworks AB joachim@secworks.se ========================================================================
On Wed, Jan 29, 2014 at 9:21 AM, Joachim Strömbergson joachim@secworks.se wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aloha! Niels Möller wrote:
Does anyone here know what applications or protocols use arctwo, and with which key sizes?
There are cipher suites in both SSLv3 and TLS 1.0 that uses RC2 as session cipher. These are part of the EXPORT ciphers with 40 bit keys.
Indeed. In gnutls, however, we never used RC2-40, we had support for RC4-40 only. Nowdays the export ciphersuites have been dropped so we don't have either.
However, RC2-40 is used in gnutls to decrypt PKCS #12 files, so it would be good for RC2-40 to remain so that decryption of any existing files will remain possible.
regards, Nikos
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Aloha!
Nikos Mavrogiannopoulos wrote:
However, RC2-40 is used in gnutls to decrypt PKCS #12 files, so it would be good for RC2-40 to remain so that decryption of any existing files will remain possible.
Yes, forgot to write about P12 where RC2 can be used. Don't know how common it is though.
- -- Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning. ======================================================================== Joachim Strömbergson Secworks AB joachim@secworks.se ========================================================================
You wrote:
Aloha!
Nikos Mavrogiannopoulos wrote:
However, RC2-40 is used in gnutls to decrypt PKCS #12 files, so it would be good for RC2-40 to remain so that decryption of any existing files will remain possible.
Yes, forgot to write about P12 where RC2 can be used. Don't know how common it is though.
Last time I looked closely (~3-4 years ago) RC2-40 was quite common when non-FOSS code were involved (e.g., Windows). I'm hoping implementations have been changed since then, but files generated back then must still be quite common, and thus useful to decrypt.
/Simon
Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
However, RC2-40 is used in gnutls to decrypt PKCS #12 files, so it would be good for RC2-40 to remain so that decryption of any existing files will remain possible.
Ok, I leave that in, then.
Regards, /Niels
nettle-bugs@lists.lysator.liu.se
-
Joachim Strömbergson -
Nikos Mavrogiannopoulos -
nisse@lysator.liu.se -
Simon Josefsson