Discussion:
'tsig-keygen' vs 'dnssec-keygen' - keysize
Browne, Stuart via bind-users
2018-09-05 04:50:52 UTC
Was adding in some new internal functionality and noted that the 'tsig-keygen' tool doesn't give the ability to alter the keysize like dnssec-keygen does for generating HMAC based tsig keys.

I also noticed that in 9.13, dnssec-keygen will no longer be able to generate HMAC tsig's, so I'm wondering if the ability to manipulate the tsig keysize will be implemented in tsig-keygen to maintain compatibility, or if there is some work-around I've not found to be able to set this.

Stuart Browne
Neustar, Inc. / Sr Systems Admin
Level 8, 10 Queens Road, Melbourne, Australia VIC 3004
Office: +61.3.9866.3710
***@team.neustar / home.neustar

Follow Neustar: LinkedIn / Twitter

Reduce your environmental footprint. Print only if necessary.

The information contained in this email message is intended only for the use of the recipient(s) named above and may contain confidential and/or privileged information. If you are not the intended recipient you have received this email message in error and any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately and delete the original message.


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Mark Andrews
2018-09-05 05:39:46 UTC
There is zero point in fiddling with the key sizes of HMACs. It has no impact on the size
of the HMAC in the TSIG records. It has negligible impact on the size of named.conf, nor
on the size of a database if we ever get around to storing TSIG keys in a database, even
with hundreds of millions of keys.

tsig-keygen generates maximal sized shared keys for the given algorithm which provides
the largest possible search space for a brute force attack.

The hmac algorithm used impacts the size of the HMAC in the TSIG record. To generate
truncated hmac append “-<bits>” e.g. -128 to the algorithm name.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org

Browne, Stuart via bind-users
2018-09-06 04:28:23 UTC
Ok, then here goes me in my not-really-understanding HMAC properly.

When using 'dnssec-keygen -a hmac-md5 -b 512 -n HOST some-name' (512 being the max keysize listed in 'dnssec-keygen -h'), we end up with an 88-byte string of secret data.

When using 'tsig-keygen -a hmac-md5 some-name', we end up with a 24-byte string of secret data.

Is there no cryptographic difference between the short/long output?

For the sha* types, the length of the secret material appears to be the same, but not for the md5.

Sadly, I have some software that requires the use of hmac-md5's for tsigs that I cannot work around at this time.

Incidentally using bind-9.11 I was unable to use the truncation method you mentioned below (not that I really want to). Is it a 9.12 onwards thing?

Stuart
Evan Hunt
2018-09-06 06:34:42 UTC
Post by Browne, Stuart via bind-users
Ok, then here goes me in my not-really-understanding HMAC properly.
When using 'dnssec-keygen -a hmac-md5 -b 512 -n HOST some-name' (512
being the max keysize listed in 'dnssec-keygen -h'), we end up with an
88-byte string of secret data.
When using 'tsig-keygen -a hmac-md5 some-name', we end up with a 24-byte
string of secret data.
Is there no cryptographic difference between the short/long output?
As I understand it (though I haven't studied this in a while and may be
fuzzy), the HMAC algorithm shortens keys that are longer than the block
size before it uses them, so it's true, long keys aren't necessary or
particularly helpful.
Post by Browne, Stuart via bind-users
Incidentally using bind-9.11 I was unable to use the truncation method
you mentioned below (not that I really want to). Is it a 9.12 onwards
thing?
No, but Mark's comment may have been confusing. You can set up keys
that way in named.conf ("algorithm hmac-md5-96;" or whatever). At first
I thought he was talking about tsig-keygen; perhaps you read it the same
way I did?
--
Evan Hunt -- ***@isc.org
Internet Systems Consortium, Inc.
Browne, Stuart via bind-users
2018-09-06 06:49:32 UTC
Yes, I did read it the same way as you Evan.

Thanks for the clarification on the HMAC usage.

Stuart
Mark Andrews
2018-09-06 07:29:54 UTC
dnssec-keygen had -d which set the truncated bits in the .private file
for HMACs. tsig-keygen could be extended to look for -bits with -a, but
yes, I meant just edit the resulting algorithm name in the file.

Mark
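The three points made in this thread (Mark: the MAC length is fixed by the algorithm, not the key length, and truncation is requested with a "-<bits>" suffix on the algorithm name; Evan: HMAC hashes keys longer than the hash block size before using them; Mark again: the suffix is simply edited into the algorithm name in the key file), shown in working Python. This is an added example and not BIND or ISC code: it mimics what tsig-keygen writes rather than calling it, the "DNS message" it signs is a constructed byte string, all secrets are generated inline, and the truncation bounds it enforces are the RFC 4635 ones (whole octets, at least 80 bits, at least half the digest); which suffixes a given named accepts is named's decision. Note that MD5, SHA-1 and SHA-256 have a 64-byte block, so the 512-bit key from 'dnssec-keygen -b 512' is exactly block size and is used as-is; only keys longer than that collapse to their hash.

```python
"""HMAC key length vs. MAC length for TSIG, plus RFC 4635 truncation.

Added example (not BIND code). tsig-keygen's output is mimicked, not invoked;
secrets and the signed message are constructed here.
"""
import base64
import hashlib
import hmac
import os

# Digest constructors behind the TSIG HMAC algorithm names (RFC 8945, RFC 4635).
DIGESTS = {
    "hmac-md5": hashlib.md5,
    "hmac-sha1": hashlib.sha1,
    "hmac-sha224": hashlib.sha224,
    "hmac-sha256": hashlib.sha256,
    "hmac-sha384": hashlib.sha384,
    "hmac-sha512": hashlib.sha512,
}


def parse_algorithm(name):
    """Map 'hmac-sha256' or 'hmac-sha256-128' to (digest constructor, MAC bytes).

    A '-<bits>' suffix requests a truncated MAC. RFC 4635 requires the kept
    length to be whole octets, at least 80 bits and at least half the digest.
    """
    name = name.lower()
    base, sep, bits = name.rpartition("-")
    if sep and bits.isdigit() and base in DIGESTS:
        digest = DIGESTS[base]
        full_bits = digest().digest_size * 8
        nbits = int(bits)
        if nbits % 8 or nbits > full_bits or nbits < max(80, full_bits // 2):
            raise ValueError(f"{name}: truncation to {nbits} bits is not permitted")
        return digest, nbits // 8
    if name in DIGESTS:
        digest = DIGESTS[name]
        return digest, digest().digest_size
    raise ValueError(f"unknown TSIG algorithm {name}")


def secret_from_bytes(raw):
    """Encode raw key bytes the way the key file stores them (base64)."""
    return base64.b64encode(raw).decode()


def random_secret(nbytes):
    """Random secret of any length, e.g. 64 bytes for 'dnssec-keygen -b 512'."""
    return secret_from_bytes(os.urandom(nbytes))


def generate_secret(algorithm):
    """What tsig-keygen does: a random key as long as the algorithm's digest."""
    digest, _ = parse_algorithm(algorithm)
    return random_secret(digest().digest_size)


def key_clause(name, algorithm, secret_b64=None):
    """named.conf 'key' statement in tsig-keygen's layout; the algorithm may
    carry the '-<bits>' suffix one would otherwise hand-edit into the file."""
    parse_algorithm(algorithm)  # reject bad names or truncations before emitting
    if secret_b64 is None:
        secret_b64 = generate_secret(algorithm)
    return f'key "{name}" {{\n\talgorithm {algorithm};\n\tsecret "{secret_b64}";\n}};\n'


def hmac_effective_key(algorithm, secret_b64):
    """Key material HMAC really mixes in (RFC 2104): a key longer than the hash
    block size is replaced by its hash; shorter keys are zero-padded, not hashed."""
    digest, _ = parse_algorithm(algorithm)
    key = base64.b64decode(secret_b64)
    if len(key) > digest().block_size:
        return digest(key).digest()
    return key


def tsig_mac(algorithm, secret_b64, message):
    """MAC a signer places in the TSIG RR: HMAC over the message, then truncated."""
    digest, mac_len = parse_algorithm(algorithm)
    key = base64.b64decode(secret_b64)
    return hmac.new(key, message, digest).digest()[:mac_len]


def tsig_verify(algorithm, secret_b64, message, mac):
    """Constant-time comparison, as a verifier must do."""
    return hmac.compare_digest(tsig_mac(algorithm, secret_b64, message), mac)


if __name__ == "__main__":
    msg = b"constructed stand-in for the DNS message plus TSIG variables"
    short = generate_secret("hmac-md5")  # 24 base64 chars, as from tsig-keygen
    long_ = random_secret(64)            # 88 base64 chars, as from dnssec-keygen -b 512
    for s in (short, long_):
        print(f"{len(s):2d}-char secret -> {len(tsig_mac('hmac-md5', s, msg))}-byte MAC")
    huge = random_secret(200)            # longer than SHA-256's 64-byte block
    collapsed = secret_from_bytes(hmac_effective_key("hmac-sha256", huge))
    print(tsig_mac("hmac-sha256", huge, msg) == tsig_mac("hmac-sha256", collapsed, msg))
    print(key_clause("some-name", "hmac-sha256-128"))
```

Running it prints a 16-byte MAC for both the 24-character and the 88-character hmac-md5 secret, prints True for the 200-byte SHA-256 key being interchangeable with its 32-byte hash, and emits a key clause whose only difference from tsig-keygen's output is the "-128" on the algorithm name. Both peers must be configured with the same truncated name, and the verifier should compare MACs in constant time as tsig_verify does.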