Network Working Group P. Eronen, Ed.
Request for Comments: 5469 Nokia
Category: Informational February 2009
Network Working Group P. Eronen, Ed.
Request for Comments: 5469 Nokia
Category: Informational February 2009
DES and IDEA Cipher Suites for Transport Layer Security (TLS)
用于传输层安全(TLS)的DES和IDEA密码套件
Status of This Memo
关于下段备忘
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/ 许可证信息)在本文件发布之日生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Abstract
摘要
Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346) include cipher suites based on DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm) algorithms. DES (when used in single-DES mode) and IDEA are no longer recommended for general use in TLS, and have been removed from TLS version 1.2 (RFC 5246). This document specifies these cipher suites for completeness and discusses reasons why their use is no longer recommended.
传输层安全(TLS)版本1.0(RFC 2246)和1.1(RFC 4346)包括基于DES(数据加密标准)和IDEA(国际数据加密算法)算法的密码套件。DES(在单DES模式下使用时)和IDEA不再建议在TLS中通用,并已从TLS版本1.2(RFC 5246)中删除。本文档详细说明了这些密码套件的完整性,并讨论了不再推荐使用它们的原因。
TLS versions 1.0 [TLS10] and 1.1 [TLS11] include cipher suites based on DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm) algorithms. DES (when used in single-DES mode) and IDEA are no longer recommended for general use in TLS, and have been removed from TLS version 1.2 [TLS12].
TLS版本1.0[TLS10]和1.1[TLS11]包括基于DES(数据加密标准)和IDEA(国际数据加密算法)算法的密码套件。DES(在单DES模式下使用时)和IDEA不再建议在TLS中通用,并已从TLS版本1.2[TLS12]中删除。
This document specifies these cipher suites for completeness and discusses reasons why their use is no longer recommended.
本文档详细说明了这些密码套件的完整性,并讨论了不再推荐使用它们的原因。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [REQ].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[REQ]中的说明进行解释。
DES (Data Encryption Standard) is a block cipher that was originally approved as a US federal standard in 1976, and is specified in [DES].
DES(数据加密标准)是一种分组密码,最初于1976年被批准为美国联邦标准,并在[DES]中指定。
For TLS key generation purposes, DES is treated as having a 64-bit key, but it still provides only 56 bits of protection, as 8 of the 64 bits are not used by the algorithm. DES uses a 64-bit block size.
出于TLS密钥生成的目的,DES被视为具有64位密钥,但它仍然仅提供56位保护,因为64位中的8位未被算法使用。DES使用64位块大小。
The following cipher suites have been defined for using DES in Cipher Block Chaining (CBC) mode in TLS:
为在TLS的密码块链接(CBC)模式下使用DES,定义了以下密码套件:
CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA, and DH_anon) and the MAC (Message Authentication Code) algorithm (SHA) are defined in the base TLS specification.
密钥交换算法(RSA、DH_DSS、DH_RSA、DHE_DSS、DHE_RSA和DH_anon)和MAC(消息认证码)算法(SHA)在基本TLS规范中定义。
IDEA (International Data Encryption Algorithm) is a block cipher designed by Xuejia Lai and James Massey [IDEA] [SCH]. IDEA uses a 128-bit key and operates on 64-bit blocks.
IDEA(国际数据加密算法)是由赖学佳和James Massey[IDEA][SCH]设计的分组密码。IDEA使用128位密钥,并对64位块进行操作。
The following cipher suite has been defined for using IDEA in CBC mode in TLS:
为在TLS的CBC模式下使用IDEA,定义了以下密码套件:
CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
The key exchange algorithm (RSA) and the MAC algorithm (SHA) are defined in the base TLS specification.
密钥交换算法(RSA)和MAC算法(SHA)在基本TLS规范中定义。
DES has an effective key strength of 56 bits, which has been known to be vulnerable to practical brute force attacks for over 20 years [DH]. A relatively recent 2006 paper by Kumar, et al. [COPA] describes a system that performs an exhaustive key search in less than nine days on average, and costs less than 10,000 USD to build.
DES的有效密钥强度为56位,20多年来一直被认为易受实际暴力攻击[DH]。库马尔等人(Kumar,et al.[COPA]在2006年发表的一篇相对较新的论文中描述了一个系统,该系统平均在不到九天的时间内执行穷举的密钥搜索,构建成本不到10000美元。
Given this, the single-DES cipher suites SHOULD NOT be implemented by TLS libraries. If a TLS library implements these cipher suites, it SHOULD NOT enable them by default. Experience has also shown that rarely used code is a source of security and interoperability problems, so existing implementations SHOULD consider removing these cipher suites.
因此,单一DES密码套件不应由TLS库实现。如果TLS库实现这些密码套件,则默认情况下不应启用它们。经验还表明,很少使用的代码是安全性和互操作性问题的根源,因此现有的实现应该考虑删除这些密码套件。
IDEA has a 128-bit key, and thus is not vulnerable to an exhaustive key search. However, the IDEA cipher suite for TLS has not seen widespread use: most implementations either do not support it, do not enable it by default, or do not negotiate it when other algorithms (such as AES, 3DES, or RC4) are available.
IDEA有一个128位的密钥,因此不易受到穷举密钥搜索的攻击。然而,用于TLS的IDEA密码套件尚未得到广泛使用:大多数实现要么不支持它,要么默认情况下不启用它,要么在其他算法(如AES、3DES或RC4)可用时不协商它。
Experience has shown that rarely used code is a source of security and interoperability problems; given this, the IDEA cipher suite SHOULD NOT be implemented by TLS libraries and SHOULD be removed from existing implementations.
经验表明,很少使用的代码是安全性和互操作性问题的根源;有鉴于此,IDEA密码套件不应该由TLS库实现,而应该从现有实现中删除。
IANA has already allocated values for the cipher suites described in this document in the TLS Cipher Suite Registry, defined in [TLS11]. IANA has updated the references of these cipher suites to point to this document:
IANA已经在[TLS11]中定义的TLS密码套件注册表中为本文档中描述的密码套件分配了值。IANA已更新了这些密码套件的参考资料,以指向本文件:
Value Description Reference
----------- -------------------------------------- ---------
0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469]
0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469]
0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469]
0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469]
0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469]
0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469]
0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469]
Value Description Reference
----------- -------------------------------------- ---------
0x00,0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469]
0x00,0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469]
0x00,0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469]
0x00,0x0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469]
0x00,0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469]
0x00,0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469]
0x00,0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469]
This document does not create any new registries to be maintained by IANA, and does not require any new assignments from existing registries.
本文件不创建IANA维护的任何新注册,也不要求现有注册的任何新分配。
The editor would like to thank Steven Bellovin, Uri Blumenthal, Michael D'Errico, Paul Hoffman, Simon Josefsson, Bodo Moeller, Tom Petch, Martin Rex, and Len Sassaman for their contributions to preparing this document.
编辑要感谢史蒂文·贝洛文、乌里·布卢门塔尔、迈克尔·德里科、保罗·霍夫曼、西蒙·约瑟夫松、博多·默勒、汤姆·佩奇、马丁·雷克斯和伦·萨萨曼为编写本文件所作的贡献。
[DES] National Institute of Standards and Technology, "Data Encryption Standard (DES)", FIPS PUB 46-3, October 1999.
[DES]国家标准与技术研究所,“数据加密标准(DES)”,FIPS PUB 46-3,1999年10月。
[IDEA] Lai, X., "On the Design and Security of Block Ciphers", ETH Series in Information Processing, v. 1, Konstanz: Hartung-Gorre Verlag, 1992.
[IDEA]Lai,X.,“分组密码的设计与安全”,信息处理ETH系列,v。康斯坦茨:哈东·高尔·韦拉格,1992年。
[REQ] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[REQ]Bradner,S.,“在RFC中用于指示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[SCH] Schneier, B., "Applied Cryptography: Protocols, Algorithms, and Source Code in C", 2nd ed., John Wiley & Sons, Inc., 1996.
[SCH]Schneier,B.“应用密码学:C语言中的协议、算法和源代码”,第二版,约翰·威利父子公司,1996年。
[TLS10] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.
[TLS10]Dierks,T.和C.Allen,“TLS协议版本1.0”,RFC 2246,1999年1月。
[TLS11] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006.
[TLS11]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.1”,RFC 4346,2006年4月。
[TLS12] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[TLS12]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.2”,RFC 5246,2008年8月。
[COPA] Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., and M. Schimmler, "Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker", Workshop on Cryptographic Hardware and Embedded Systems (CHES 2006), Yokohama, Japan, October 2006.
[COPA]Kumar,S.,Paar,C.,Pelzl,J.,Pfeiffer,G.,和M.Schimmler,“使用COPACOBANA破解密码-一种成本优化的并行密码破解器”,密码硬件和嵌入式系统研讨会(CHES 2006),日本横滨,2006年10月。
[DH] Diffie, W. and M. Hellman, "Exhaustive Cryptanalysis of the NBS Data Encryption Standard", IEEE Computer, Volume 10, Issue 6, June 1977.
[DH]Diffie,W.和M.Hellman,“NBS数据加密标准的详尽密码分析”,IEEE计算机,第10卷,第6期,1977年6月。
Author's Address
作者地址
Pasi Eronen (editor) Nokia Research Center P.O. Box 407 FIN-00045 Nokia Group Finland
Pasi Eronen(编辑)诺基亚研究中心邮政信箱407 FIN-00045诺基亚芬兰集团
EMail: pasi.eronen@nokia.com
EMail: pasi.eronen@nokia.com