[e-lang] E-on-CL progress, and request for information

Bill Frantz frantz at pwpconsult.com
Tue Jul 19 23:31:13 EDT 2005


On 6/25/05, tyler.close at gmail.com (Tyler Close) wrote:

>The acceptable cyphersuites are determined by the Keyspace
>implementation. Right now, there's just one implementation of the
>Keyspace interface: org.waterken.url.tls.sha1withrsa.Keyspace. For
>this Keyspace, the acceptable ciphersuites are, in order of
>preference:
>
>    /**
>     * The acceptable ciphersuites.
>     */
>    private static final String[] ACCEPTABLE = new String[] {
>        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
>        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
>        "TLS_RSA_WITH_AES_128_CBC_SHA",
>        "SSL_RSA_WITH_RC4_128_SHA",
>        "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
>    };

Several points about these selections...


-1-

The ciphersuites:

        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",

provide "perfect forward security", which (loosely) means that when a session between two vats ends, all the keys necessary to decrypt that session are destroyed.

The ciphersuites:

        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_RC4_128_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA"

encrypt the session key with the RSA key.  Anyone having access to the (long lived) RSA secret key can decrypt the session at any later time until that RSA key is destroyed.


-2-

Using only RSA for vat identity imposes a very large cost on ephemeral vats that have identity.  Generating an RSA key pair is a fairly heavyweight operation.  It involves finding two large primes.  The space of possible numbers has to be searched, and a "probable prime" operation has to be performed on each candidate until a prime is found.  This process can use many seconds of CPU time on a modern processor.

DSA, for all its flaws, does not share this problem.  To generate a new DSA key pair, you start by selecting a 160-bit random number, and then perform a few big number mod/exp operations etc.  This process is well under a second on modern processors.


-3-

I worry about using RC4 in new applications.  While I don't know anything explicitly wrong with it, experiments show weak non-random behavior in the first 1000 or so outputs from the PRNG.  That makes me worry.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | gets() remains as a monument | Periwinkle 
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, CA 95032
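As an added example (not code from the thread or from the Waterken project): a small Python audit of the quoted ACCEPTABLE list that parses JSSE-style suite names, reports which suites lack forward secrecy (RSA key transport) or use RC4, and reorders a list so the ephemeral-DH suites come first. The suite-name grammar and the ECDHE entries in FORWARD_SECRET_KX are assumptions that go beyond what the thread states.

```python
import re

# Suite names as quoted from the Keyspace implementation in the thread.
ACCEPTABLE = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]

# Assumed JSSE name grammar: <proto>_<key exchange>_WITH_<cipher>_<mac>
SUITE_RE = re.compile(r"^(TLS|SSL)_(.+?)_WITH_(.+)_([A-Z0-9]+)$")

# Key exchanges whose session key is never encrypted under the long-lived
# RSA/DSA key, so a later key compromise does not expose past sessions.
# ECDHE entries are an assumption beyond the thread (not in the 2005 list).
FORWARD_SECRET_KX = {"DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA"}


def parse_suite(name):
    """Split a suite name into (key_exchange, cipher, mac)."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError("unrecognised suite name: " + name)
    _proto, kx, cipher, mac = m.groups()
    return kx, cipher, mac


def is_forward_secret(name):
    return parse_suite(name)[0] in FORWARD_SECRET_KX


def uses_rc4(name):
    return parse_suite(name)[1].startswith("RC4")


def audit(suites):
    """Map each suite to the concerns raised in the thread (empty list = none)."""
    report = {}
    for s in suites:
        concerns = []
        if not is_forward_secret(s):
            concerns.append("session key recoverable from RSA secret key")
        if uses_rc4(s):
            concerns.append("RC4 keystream has weak early outputs")
        report[s] = concerns
    return report


def preferred_order(suites, allow_rc4=False):
    """Forward-secret suites first (stable), RC4 dropped unless allowed."""
    kept = [s for s in suites if allow_rc4 or not uses_rc4(s)]
    return sorted(kept, key=lambda s: 0 if is_forward_secret(s) else 1)
```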