[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IKEv2 security consideration over-statement
Greetings again. My apologies for not seeing this sooner. In the
security considerations section of IKEv2, it says:
The strength of a key derived from a Diffie-Hellman exchange using
any of the groups defined here depends on the inherent strength of
the group, the size of the exponent used, and the entropy provided by
the random number generator used. Due to these inputs it is difficult
to determine the strength of a key for any of the defined groups.
Diffie-Hellman group number two, when used with a strong random
number generator and an exponent no less than 200 bits, is sufficient
for use with 3DES. Groups three through five provide greater
security. Group one is for historic purposes only and does not
provide sufficient strength except for use with DES, which is also
for historic use only. Implementations should make note of these
conservative estimates when establishing policy and negotiating
security parameters.
The sentence "Diffie-Hellman group number two, when used with a
strong random number generator and an exponent no less than 200 bits,
is sufficient for use with 3DES" is probably not true. Group 2 (1024
bits) is probably equivalent to about 80 bits of symmetric strength,
not 112. A better wording for this sentence is "Diffie-Hellman group
number two, when used with a strong random number generator and an
exponent no less than 200 bits, is common for use with 3DES". That
is, most VPN systems only need 80ish bits of symmetric strength.
The sentence "Groups three through five provide greater security" is
misleading. Group 3 is 155 bits using elliptic curve, meaning about
77 bits of symmetric strength, similar to group 2. Group 4 (185 bits
using elliptic curve), or 92 bits of symmetric strength. Further, to
date, almost no one implements groups 3 and 4 due to lack of customer
demand and looming patent issued. It is better to change this to
simply say "Group five provides greater security than group two."
Also, maybe drop the word "conservative" in the last sentence since
it is not clear what it means.
--Paul Hoffman, Director
--VPN Consortium