[Cryptography] Java: The 1990s called, they want their keys back!

Sandy Harris sandyinchina at gmail.com
Sun Jun 8 11:55:55 EDT 2014


Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> This is for DH keys:
>
>   java.security.InvalidAlgorithmParameterException: Prime size must be
>   multiple of 64, and can only range from 512 to 1024 (inclusive)
>
>   java.lang.RuntimeException: Could not generate DH keypair
>
> I know that you should never attribute to malice what is adequately explained
> by stupidity but man, 512-bit keys in 2014 is a lot of stupid.

As far back as the late 90s, FreeS/WAN refused to implement
things the IPsec RFCs required that we considered insecure:
single DES, null encryption, and 768-bit DH Group 1. This
caused almost no compatibility problems since more-or-less
all implementers provide 3DES and 1536-bit DH Group 5.

http://www.freeswan.org/freeswan_trees/CURRENT-TREE/doc/compat.html#dropped

These are complete no-brainers; they should have been fixed
in the RFCs.

FreeS/WAN did implement an option for IPsec without
forward secrecy, though PFS was the default. That was
required for some compatibility reasons, though it is
another thing the RFCs should have disallowed.
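As an added illustration of the Java limit quoted above (not code from either poster): a startup self-check that asks the installed JCE provider for a 2048-bit DH key pair and fails closed if the provider either refuses the request (the 512..1024 range in the quoted exception) or silently hands back a smaller prime. The 2048-bit floor and the class name are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.interfaces.DHPublicKey;

public final class DhSizeCheck {
    // Assumed policy floor: anything below 2048-bit DH is treated as unacceptable.
    static final int MIN_DH_BITS = 2048;

    /** Returns the DH prime size the provider actually produced, or throws if the floor is not met. */
    static int checkProviderDh(int requestedBits) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
        try {
            kpg.initialize(requestedBits);
        } catch (InvalidParameterException e) {
            // Older JDKs reject sizes outside their supported range at this point,
            // which is the condition the quoted stack trace shows.
            throw new GeneralSecurityException(
                "Provider refuses " + requestedBits + "-bit DH: " + e.getMessage(), e);
        }
        KeyPair kp = kpg.generateKeyPair();
        DHPublicKey pub = (DHPublicKey) kp.getPublic();
        // Check the prime that was really used, not just the size we asked for.
        int actualBits = pub.getParams().getP().bitLength();
        if (actualBits < MIN_DH_BITS) {
            throw new GeneralSecurityException(
                "DH prime is only " + actualBits + " bits, below the " + MIN_DH_BITS + "-bit floor");
        }
        return actualBits;
    }

    public static void main(String[] args) throws Exception {
        // Run once at deployment so a weak provider is caught before any peer negotiates with it.
        System.out.println("DH prime size from provider: " + checkProviderDh(MIN_DH_BITS));
    }
}
```

On a JDK that only supports 512..1024-bit DH this exits with the GeneralSecurityException rather than falling back to a smaller group.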
