Re: chacha20 cipher_algbits is 0

Mon, 25 May 2015 13:28:04 -0700 

On Mon, May 25, 2015 at 6:57 AM, Tim Kuijsten <i...@netsend.nl> wrote:
> Since I'm running postfix with LibreSSL, some clients encrypt the connection
> using ECDHE-RSA-CHACHA20-POLY1305. Now I'm used to seeing headers like
> "using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)" . But
> these ChaCha20 headers look like "using TLSv1.2 with cipher
> ECDHE-RSA-CHACHA20-POLY1305 (256/0 bits)". I'm wondering what the 0 part in
> 256/0 bits mean. I've read it's "the number of bits actually used" vs. "the
> number of bits the algorithm is based on", but this sounds confusing to me.
> Can someone maybe clarify?

Seems like an oversight.  The apparent meaning of that field seems to
be "how many bits is the key used by the algorithm", which 256 for
these.  Diff to update that below.

It's basically a pointless measure and I suspect it's logged and
recorded by programs as a historical accident.  The strength bits tell
you something about resistance to (some types of) attacks, but how
would knowing how many bits the source had to feed into the cipher
change your behavior?  <shrug>


Philip Guenther


Index: s3_lib.c
===================================================================
RCS file: /data/src/openbsd/src/lib/libssl/src/ssl/s3_lib.c,v
retrieving revision 1.95
diff -u -p -r1.95 s3_lib.c
--- s3_lib.c    8 Feb 2015 22:06:49 -0000       1.95
+++ s3_lib.c    25 May 2015 20:09:32 -0000
@@ -1820,7 +1820,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
                .strength_bits = 256,
-               .alg_bits = 0,
+               .alg_bits = 256,
        },

        /* Cipher CC14 */
@@ -1837,7 +1837,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
                .strength_bits = 256,
-               .alg_bits = 0,
+               .alg_bits = 256,
        },

        /* Cipher CC15 */
@@ -1854,7 +1854,7 @@ SSL_CIPHER ssl3_ciphers[] = {
                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
                    SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
                .strength_bits = 256,
-               .alg_bits = 0,
+               .alg_bits = 256,
        },
 #endif

Reply via email to