[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AI-2006-02-15-04
SUMMARY: Use of P_SHA1 for constructing secret keys in TLS 1.0 (RFC 2246) involves the use of a 24-byte secret (first argument) and 64-byte seed (second argument). WS-Trust and WS-SecureConversation should either adopt this restriction on its usage of P_Sha1, or describe alternative qualifications/restrictions on entropy length and key size. BACKGROUND: WS-Trust and WS-SecureConversation use the P_SHA1 function taken from RFC 2246 (TLS 1.0). The following usages of P_SHA1 are found in these drafts: (1) Section 4.2.4, Returning Computed Keys, ws-trust-1.3-spec-ed-01 The key is computed using P_SHA1 from the TLS specification to generate a bit stream using entropy from both sides. The exact form is: key = P_SHA1 (EntREQ, EntRES) (2) Section 8.8, Protecting Exchanges, ws-trust-1.3-spec-ed-01 The key is computed using P_SHA1 as follows: H=SHA1(ExclC14N(RST...RSTRs)) X=encrypting H using negotiatied key and mechanism Key=P_SHA1(X,H+"CK-HASH") The octets for the "CK-HASH" string are the UTF-8 octets. (3) (lines 658-660), ws-secureconversation-1.3-spec-ed-01 We use a subset of the mechanism defined for TLS in RFC 2246. Specifically, we use the P_SHA-1 function to generate a sequence of bytes that can be used to generate security keys.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]