Re: chacha20 cipher_algbits is 0

Mon, 25 May 2015 13:56:25 -0700 

On Mon, May 25, 2015 at 3:26 PM, Philip Guenther <guent...@gmail.com> wrote:
> On Mon, May 25, 2015 at 6:57 AM, Tim Kuijsten <i...@netsend.nl> wrote:
>> Since I'm running postfix with LibreSSL, some clients encrypt the connection
>> using ECDHE-RSA-CHACHA20-POLY1305. Now I'm used to seeing headers like
>> "using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)" . But
>> these ChaCha20 headers look like "using TLSv1.2 with cipher
>> ECDHE-RSA-CHACHA20-POLY1305 (256/0 bits)". I'm wondering what the 0 part in
>> 256/0 bits mean. I've read it's "the number of bits actually used" vs. "the
>> number of bits the algorithm is based on", but this sounds confusing to me.
>> Can someone maybe clarify?
>
> Seems like an oversight.  The apparent meaning of that field seems to
> be "how many bits is the key used by the algorithm", which 256 for
> these.  Diff to update that below.
>
> It's basically a pointless measure and I suspect it's logged and
> recorded by programs as a historical accident.  The strength bits tell
> you something about resistance to (some types of) attacks, but how
> would knowing how many bits the source had to feed into the cipher
> change your behavior?  <shrug>

This appears to have been copied from the original BoringSSL
implementation, which indicates '0' here as well. You'd have to ask
Adam Langley if there was a purpose behind it, but this seems fine to
me. ok bcook@

>
> Philip Guenther
>
>
> Index: s3_lib.c
> ===================================================================
> RCS file: /data/src/openbsd/src/lib/libssl/src/ssl/s3_lib.c,v
> retrieving revision 1.95
> diff -u -p -r1.95 s3_lib.c
> --- s3_lib.c    8 Feb 2015 22:06:49 -0000       1.95
> +++ s3_lib.c    25 May 2015 20:09:32 -0000
> @@ -1820,7 +1820,7 @@ SSL_CIPHER ssl3_ciphers[] = {
>                 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
>                     SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
>                 .strength_bits = 256,
> -               .alg_bits = 0,
> +               .alg_bits = 256,
>         },
>
>         /* Cipher CC14 */
> @@ -1837,7 +1837,7 @@ SSL_CIPHER ssl3_ciphers[] = {
>                 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
>                     SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
>                 .strength_bits = 256,
> -               .alg_bits = 0,
> +               .alg_bits = 256,
>         },
>
>         /* Cipher CC15 */
> @@ -1854,7 +1854,7 @@ SSL_CIPHER ssl3_ciphers[] = {
>                 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
>                     SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
>                 .strength_bits = 256,
> -               .alg_bits = 0,
> +               .alg_bits = 256,
>         },
>  #endif

Reply via email to