GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc5469

Network Working Group P. Eronen, Ed. Request for Comments: 5469 Nokia Category: Informational February 2009

   DES and IDEA Cipher Suites for Transport Layer Security (TLS)

Status of This Memo

 This memo provides information for the Internet community.  It does
 not specify an Internet standard of any kind.  Distribution of this
 memo is unlimited.

Copyright Notice

 Copyright (c) 2009 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents (http://trustee.ietf.org/
 license-info) in effect on the date of publication of this document.
 Please review these documents carefully, as they describe your rights
 and restrictions with respect to this document.

Abstract

 Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC
 4346) include cipher suites based on DES (Data Encryption Standard)
 and IDEA (International Data Encryption Algorithm) algorithms.  DES
 (when used in single-DES mode) and IDEA are no longer recommended for
 general use in TLS, and have been removed from TLS version 1.2 (RFC
 5246).  This document specifies these cipher suites for completeness
 and discusses reasons why their use is no longer recommended.

1. Introduction

 TLS versions 1.0 [TLS10] and 1.1 [TLS11] include cipher suites based
 on DES (Data Encryption Standard) and IDEA (International Data
 Encryption Algorithm) algorithms.  DES (when used in single-DES mode)
 and IDEA are no longer recommended for general use in TLS, and have
 been removed from TLS version 1.2 [TLS12].
 This document specifies these cipher suites for completeness and
 discusses reasons why their use is no longer recommended.
 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 document are to be interpreted as described in [REQ].

Eronen Informational [Page 1] RFC 5469 DES and IDEA Cipher Suites for TLS February 2009

2. DES Cipher Suites

 DES (Data Encryption Standard) is a block cipher that was originally
 approved as a US federal standard in 1976, and is specified in [DES].
 For TLS key generation purposes, DES is treated as having a 64-bit
 key, but it still provides only 56 bits of protection, as 8 of the 64
 bits are not used by the algorithm.  DES uses a 64-bit block size.
 The following cipher suites have been defined for using DES in Cipher
 Block Chaining (CBC) mode in TLS:
    CipherSuite TLS_RSA_WITH_DES_CBC_SHA            = { 0x00,0x09 };
    CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA         = { 0x00,0x0C };
    CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA         = { 0x00,0x0F };
    CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA        = { 0x00,0x12 };
    CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA        = { 0x00,0x15 };
    CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA        = { 0x00,0x1A };
 The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA,
 and DH_anon) and the MAC (Message Authentication Code) algorithm
 (SHA) are defined in the base TLS specification.

3. IDEA Cipher Suite

 IDEA (International Data Encryption Algorithm) is a block cipher
 designed by Xuejia Lai and James Massey [IDEA] [SCH].  IDEA uses a
 128-bit key and operates on 64-bit blocks.
 The following cipher suite has been defined for using IDEA in CBC
 mode in TLS:
    CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA           = { 0x00,0x07 };
 The key exchange algorithm (RSA) and the MAC algorithm (SHA) are
 defined in the base TLS specification.

4. Security Considerations

4.1. DES Cipher Suites

 DES has an effective key strength of 56 bits, which has been known to
 be vulnerable to practical brute force attacks for over 20 years
 [DH].  A relatively recent 2006 paper by Kumar, et al. [COPA]
 describes a system that performs an exhaustive key search in less
 than nine days on average, and costs less than 10,000 USD to build.

Eronen Informational [Page 2] RFC 5469 DES and IDEA Cipher Suites for TLS February 2009

 Given this, the single-DES cipher suites SHOULD NOT be implemented by
 TLS libraries.  If a TLS library implements these cipher suites, it
 SHOULD NOT enable them by default.  Experience has also shown that
 rarely used code is a source of security and interoperability
 problems, so existing implementations SHOULD consider removing these
 cipher suites.

4.2. IDEA Cipher Suite

 IDEA has a 128-bit key, and thus is not vulnerable to an exhaustive
 key search.  However, the IDEA cipher suite for TLS has not seen
 widespread use: most implementations either do not support it, do not
 enable it by default, or do not negotiate it when other algorithms
 (such as AES, 3DES, or RC4) are available.
 Experience has shown that rarely used code is a source of security
 and interoperability problems; given this, the IDEA cipher suite
 SHOULD NOT be implemented by TLS libraries and SHOULD be removed from
 existing implementations.

5. IANA Considerations

 IANA has already allocated values for the cipher suites described in
 this document in the TLS Cipher Suite Registry, defined in [TLS11].
 IANA has updated the references of these cipher suites to point to
 this document:
 Value         Description                             Reference
 -----------   --------------------------------------  ---------
 0x00,0x07     TLS_RSA_WITH_IDEA_CBC_SHA               [RFC5469]
 0x00,0x09     TLS_RSA_WITH_DES_CBC_SHA                [RFC5469]
 0x00,0x0C     TLS_DH_DSS_WITH_DES_CBC_SHA             [RFC5469]
 0x00,0x0F     TLS_DH_RSA_WITH_DES_CBC_SHA             [RFC5469]
 0x00,0x12     TLS_DHE_DSS_WITH_DES_CBC_SHA            [RFC5469]
 0x00,0x15     TLS_DHE_RSA_WITH_DES_CBC_SHA            [RFC5469]
 0x00,0x1A     TLS_DH_anon_WITH_DES_CBC_SHA            [RFC5469]
 This document does not create any new registries to be maintained by
 IANA, and does not require any new assignments from existing
 registries.

6. Acknowledgments

 The editor would like to thank Steven Bellovin, Uri Blumenthal,
 Michael D'Errico, Paul Hoffman, Simon Josefsson, Bodo Moeller, Tom
 Petch, Martin Rex, and Len Sassaman for their contributions to
 preparing this document.

Eronen Informational [Page 3] RFC 5469 DES and IDEA Cipher Suites for TLS February 2009

7. References

7.1. Normative References

 [DES]    National Institute of Standards and Technology, "Data
          Encryption Standard (DES)", FIPS PUB 46-3, October 1999.
 [IDEA]   Lai, X., "On the Design and Security of Block Ciphers",
          ETH Series in Information Processing, v. 1, Konstanz:
          Hartung-Gorre Verlag, 1992.
 [REQ]    Bradner, S., "Key words for use in RFCs to Indicate
          Requirement Levels", BCP 14, RFC 2119, March 1997.
 [SCH]    Schneier, B., "Applied Cryptography: Protocols, Algorithms,
          and Source Code in C", 2nd ed., John Wiley & Sons, Inc.,
          1996.
 [TLS10]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
          RFC 2246, January 1999.
 [TLS11]  Dierks, T. and E. Rescorla, "The Transport Layer Security
          (TLS) Protocol Version 1.1", RFC 4346, April 2006.
 [TLS12]  Dierks, T. and E. Rescorla, "The Transport Layer Security
          (TLS) Protocol Version 1.2", RFC 5246, August 2008.

7.2. Informative References

 [COPA]   Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., and M.
          Schimmler, "Breaking Ciphers with COPACOBANA - A Cost-
          Optimized Parallel Code Breaker", Workshop on Cryptographic
          Hardware and Embedded Systems (CHES 2006), Yokohama, Japan,
          October 2006.
 [DH]     Diffie, W. and M. Hellman, "Exhaustive Cryptanalysis of the
          NBS Data Encryption Standard", IEEE Computer, Volume 10,
          Issue 6, June 1977.

Author's Address

 Pasi Eronen (editor)
 Nokia Research Center
 P.O. Box 407
 FIN-00045 Nokia Group
 Finland
 EMail: pasi.eronen@nokia.com

Eronen Informational [Page 4]

/data/webs/external/dokuwiki/data/pages/rfc/rfc5469.txt · Last modified: 2009/02/11 00:06 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki