Move Diffie-Hellman into WeakKeyEx category #28
Conversation
|
But depending on the choice you make for the key length, DH is not weak, maybe it would be more useful to deprecate smaller key lengths (2048 bits and less) |
|
I may be misunderstanding the DH key exchange, but isn't it capped at 2048 key lengths? To use better would require the use of Elliptic-Curve Diffie-Hellman (ECDH), which is broken out as its own entity? Edit: |
|
DH can have the following values: SchannelGroupPolicy/template/schannel.admx Lines 813 to 834 in c9b9e40 Of those, only 1024 (as I understand it) is considered weak. Moreover, in the description field for the Diffie-Hellman settings, we have this warning: SchannelGroupPolicy/template/en-US/schannel.adml Lines 357 to 360 in c9b9e40 I think the best course of action would be to update the README, since 75% of the values one can choose for the key length are considered safe and we do our best to call out which ones those are. Does that sound okay? |
|
While I do agree with everything @Crosse has said, leaving Diffie-Hellman active but increasing the minimum key length could lead to lower performance VS ECDH and other key exchanges. IBM has a good article with relevant information in the "additional information" section of https://www.ibm.com/support/pages/how-disable-ssltls-diffie-hellman-keys-less-2048-bits . If we do not designate Diffie-Hellman as weak (at least with the default key length of 1024), then much additional information should be added the the Readme to prevent a novice user from making security or performance impacting choices. Maybe the category shouldn't be "Weak Key Exchanges", but instead "Legacy Key Exchanges"? |
Noticed that we had a category WeakKeyEx, but were not using it for Diffie-Hellman Key Exchange Algorithm and options. This pull request places Diffie-Hellman and associated settings for Key Exchange Algorithms into the Weak Key Exchange Algorithms category.