[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] what are DH parameters for


  • Subject: Re: [Openvpn-users] what are DH parameters for
  • From: Charlie Hosner <chosner@xxxxxxxxx>
  • Date: Tue, 23 Nov 2004 14:23:12 -0500

Your explanation sounds correct as I understand it.

RSA is used for authentication because as James' link says DH is subject to man-in-the-middle attacks and can not provide authentication. Once we are authenticated RSA gets out of the way. The session key is regenerated every hour (by default) and this is feasable because we use DH to make the session key, not RSA. Using RSA to recreate session keys is not possible as key generation takes too long. With DH it's the parameter generation that takes all the time, not the key generation, so it is well suited for re-keying for a persistant connection.

Your description sounds on the mark.

> Does OpenVPN use this system with these parameters if you follow the
> howto's using easyrsa/xxxxx and generate public/private keys?

The default using the online how-to's yields RSA authentication with DH key exchange using 128 bit Blowfish in Cipher Block Chaining mode with SHA1 message digests (TLS notation would be something like DH_RSA_WITH_BF_CBC_SHA). So with the exception of the 3DES symmetric cipher, it will give you the same thing.

Charlie

Hans-Cees Speel wrote:

I will give this a try.  James (or anyone) please correct me if I'm
wrong.

The short answer is PFS (perfect forward secrecy).  With RSA it is not
practical to generate new keys, and with DH is it.

RSA and DH basically do the same thing, key exchange/agreement. RSA
also handles authentication, which DH does not, so when you see a TLS
cipher like DH_RSA_WITH_3DES_EDE_CBC_SHA,


Does OpenVPN use this system with these parameters if you follow the howto's using easyrsa/xxxxx and generate public/private keys?


what you are getting is RSA > authentication with DH key agreement with 3DES

symmetric encryption in > CBC mode with SHA1 message digests.

Let me try to explain that for myself to see if I am right (please correct me):

We build a root-certicate with RSA.
We build a server and client certificate (public key) and private key with RSA. We sign the client and server keys/certtificates with RSA, using the root-certificate.
We create Diffie-Hellmann parameters: these may be public.


The server and client both have the root-ca. They exchange their ca's

At connection time:
With TLS a connection is made between server and client.
The server authenticcates itsself to the client with RSA. Its certificate is shown to do so.
The client authenticates itsself to the server with RSA. Its certificate is shown to do so.


Then the encrypted connection is set up. This is done by a Diffie-Hellmann (DH) key exchange. The usage of the RSA certificates are unclear to me in this step. I think the certificates are not used at all in key exchange, just for authentication.
The DH needs parameters, being a large prime number, and a second number (integer smaller than the prime number with some more math stuff). see: http://www.rsasecurity.com/rsalabs/node.asp?id=2248


The DH exchange produces a session key., This session key is used as key for 3des in cbc mode with sha1 digest modes.
While the connection is going, the key apparently gets changed now and then?


Is that about correct? It does not have to be exhaustive, but it should be correct.

greetings

Hans-Cees







You are correct in saying that DH is slower than RSA, in some
instances as much as 8 times slower, but that is only with sign and
verify options, with key generation, it is significantly faster. Recreating RSA keys is enormously time consuming and not practical for
a system that can not accept down time. So, we use RSA for
sign/verify authentication operations, and we use DH for periodic key
generation so we can maintain perfect forward secrecy.


In DH, the parameters take forever to generate, like RSA keys, but
using those same parameters you can generate new keys very quickly.

So, you use RSA to authenticate quickly and DH to create new keys on
the fly.

c

On Mon, 22 Nov 2004, Hans-Cees Speel wrote:


Hi,
I have looked at rfc 2246 and red a lot about tls and openvpn.

But I have not found an answer. Can anyone tell me what the diffie
hellmann parameters made by build-dh are for?

I am really having trouble picturing what crypto openvpn is using.

My best quess is this:

Keys are generated with RSA.
Key-exchange is with diffie-hellmann, this is where the paramaters
are used. The DH-parameters are signed with the rsa-generated
root(server?) certificate (or secret key).

If this is so, I wonder why key exchange is not with rsa, since this
is quicker, at least according to :
http://www.gnu.org/software/gnutls/manual/html_node/Certificate-
authentication.html

greetings

Hans-Cees
Hans-cees Speel @ http://www.hanscees.com
Trees @ http://www.bomengids.nl



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real
users. Discover which products truly live up to the hype. Start
reading now. http://productguide.itmanagersjournal.com/
_______________________________________________ Openvpn-users
mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users





Hans-cees Speel @ http://www.hanscees.com Trees @ http://www.bomengids.nl





____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users