[Pkg-openssl-devel] Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

Benny Baumann BenBE at geshi.org
Fri May 9 07:08:37 UTC 2014 

Hi Kurt,

Am 09.05.2014 08:42, schrieb Kurt Roeckx:
> On Fri, May 09, 2014 at 03:32:25AM +0200, Wilfried Klaebe wrote:
>> Kurt Roeckx wrote:
>>> I don't see how the severity of this is critical.
>> The severity level "critical" is defined as: "makes unrelated software
>> on the system (or the whole system) break, or causes serious data loss,
>> or introduces a security hole on systems where you install the package."
>> <https://www.debian.org/Bugs/Developer>
> Exactly.
Happens when you quote correctly ;-)
>> This bug makes unrelated software on the system break (e.g. ejabberd, no
>> communication was possible until _both_ sides had the supplied patch
>> applied),
> ejabberd is not unrelated since it makes use of openssl.
Could we than please get a new severity level "breaks software which
depends on it". That's what I usually call critical, especially combined
with the next step.
>   It's also
> not totally broken that it can't be used, communication can be done
> under normal conditions.
Nope. It even breaks when the opposite server uses shorter keys and only
one party uses the larger key size.
>> and also could introduce security holes, as clients might fall
>> back to unencrypted communication.
> You can argue that this is a security hole or not.
As stated in the initial report you MUST never place arbitrary limits on
the size of cryptographic keys which is this bug is doing in the first
place. That it horribly breaks for software relying on the behaviour of
the backend library to "just do the right thing" is just another point.
>   I see no
> reason to use such large keys in the first place.
Two people independently choose to use such large keys. And are using
such large keys on a regular basis. And have little issues with them.
Furthermore I've seen several other occasions with such keys in the wild
already - interestingly in the same context as we found the
ejabberd/openssl certificate issue.

Furthermore: RSA 8192 corresponds to roughly AES192 thus 8192 bit is
still quite conservative if you do not want your certificate or key
exchange be the weakest link.

Thus to get back to your statement:
1. Yes, you SHOULD argue this is a security hole
2. Yes, there is reason to use such large keys.
> Kurt
Kind regards,
Benny Baumann

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20140509/f89eacfb/attachment-0001.sig>

More information about the Pkg-openssl-devel mailing list