DHE_DSS vs. DHE_RSA

8

I've been studying to learn about the various cipher suites and their performance; I'm wondering about the difference between the DHE_DSS_AES256_CBC cipher suites and the DHE_RSA_AES256_CBC cipher suites. I assumed DSS is efficient compared to RSA. Is that correct, and can someone explain in more detail what the differences are and how they behave?

asked by chris 22.03.2015 - 03:28
source

1 answer

3

DSS is a digital signature scheme published (but not invented) by the NSA. In TLS (TLS1.0, PKIX) it serves the same function as RSA and ECDSA: the digital signatures prove that the server you are talking to holds the private key corresponding to the public key in the certificate, and that the information in the certificate (including the server's public key) is exactly what the CA reviewed and approved.

For reasons I don't know, in practice DSS in TLS lost a popularity contest with RSA and died out. I could not find a CA that sells DSS certificates. OpenSSL (including Android), MSIE and Java still support TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032), but Chrome, Firefox and Safari (desktop and mobile) do not, so it is fairly useless.

The DSA algorithm is alive and well, but these days it is used with elliptic curves, in which case it is called ECDSA. It is preferred over RSA for performance reasons and is used by Google and CloudFlare when the client supports it. CAs will sell you ECDSA certificates.

DSA and ECDSA have the flaw that they require a fresh random value for every signing operation, and if it is not random enough, the signature exposes the private key (!). Deterministic digital signatures were developed so as not to require good random values for signing operations.

A fast and secure deterministic digital signature algorithm called EdDSA, in particular ed25519, has recently become popular (used in the newest versions of openssh and a bunch of new crypto tools). The CFRG should eventually recommend EdDSA keys and certificates for TLS, together with Curve25519 key exchange, so TLS_CURVE25519_ED25519_CHACHA20_POLY1305 will become the recommended cipher suite for TLS 1.3 and DJB will be able to declare victory and retire.

I have noted that the Qualys SSL Server Test says "DHE_DSS cannot be used for PFS because they require DSS keys, which are effectively limited to 1024 bits".

For the experiment, I set up Apache 2.4.7 with OpenSSL 1.0.1f to use DHE_DSS_AES128_CBC and DHE_RSA_AES128_CBC. The RSA certificate is real, while the DSS certificate is self-signed, but this does not matter for the purpose of this exercise. I connected from 192.168.1.101 to the server running on 192.168.1.103 with OpenSSL 1.0.1m (openssl s_client), recorded the handshake and exported a dissection with Wireshark.

Both configurations worked, so at least between two OpenSSL 1.0.1s, 2048-bit DSA keys work. Of course, this does not mean you would want to use a DSS certificate for a website, even if you could buy one.

DHE RSA handshake dissection:

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Hello

    Content Type: Handshake (22)

    Version: TLS 1.0 (0x0301)

    Length: 94

    Handshake Protocol: Client Hello

        Handshake Type: Client Hello (1)

        Length: 90

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suites Length: 4

        Cipher Suites (2 suites)

            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

        Compression Methods Length: 1

        Compression Methods (1 method)

        Extensions Length: 45

        Extension: SessionTicket TLS

        Extension: signature_algorithms

        Extension: Heartbeat

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Hello

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 58

    Handshake Protocol: Server Hello

        Handshake Type: Server Hello (2)

        Length: 54

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

        Compression Method: null (0)

        Extensions Length: 14

        Extension: renegotiation_info

        Extension: SessionTicket TLS

        Extension: Heartbeat

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Certificate

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 1630

    Handshake Protocol: Certificate

        Handshake Type: Certificate (11)

        Length: 1626

        Certificates Length: 1623

        Certificates (1623 bytes)

            Certificate Length: 1620

            Certificate (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect,id-at-commonName=www.zeev.pw,id-at-countryName=IL)

                signedCertificate

                    version: v3 (2)

                    serialNumber: 1127576

                    signature (sha256WithRSAEncryption)

                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

                    issuer: rdnSequence (0)

                        rdnSequence: 4 items (id-at-commonName=StartCom Class 1 Primary Intermediate Server CA,id-at-organizationalUnitName=Secure Digital Certificate Signing,id-at-organizationName=StartCom Ltd.,id-at-countryName=IL)

                            RDNSequence item: 1 item (id-at-countryName=IL)

                                RelativeDistinguishedName item (id-at-countryName=IL)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: IL

                            RDNSequence item: 1 item (id-at-organizationName=StartCom Ltd.)

                                RelativeDistinguishedName item (id-at-organizationName=StartCom Ltd.)

                                    Id: 2.5.4.10 (id-at-organizationName)

                                    DirectoryString: printableString (1)

                                        printableString: StartCom Ltd.

                            RDNSequence item: 1 item (id-at-organizationalUnitName=Secure Digital Certificate Signing)

                                RelativeDistinguishedName item (id-at-organizationalUnitName=Secure Digital Certificate Signing)

                                    Id: 2.5.4.11 (id-at-organizationalUnitName)

                                    DirectoryString: printableString (1)

                                        printableString: Secure Digital Certificate Signing

                            RDNSequence item: 1 item (id-at-commonName=StartCom Class 1 Primary Intermediate Server C)

                                RelativeDistinguishedName item (id-at-commonName=StartCom Class 1 Primary Intermediate Server CA)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: printableString (1)

                                        printableString: StartCom Class 1 Primary Intermediate Server CA

                    validity

                        notBefore: utcTime (0)

                        notAfter: utcTime (0)

                    subject: rdnSequence (0)

                        rdnSequence: 3 items (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect,id-at-commonName=www.zeev.pw,id-at-countryName=IL)

                            RDNSequence item: 1 item (id-at-countryName=IL)

                                RelativeDistinguishedName item (id-at-countryName=IL)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: IL

                            RDNSequence item: 1 item (id-at-commonName=www.zeev.pw)

                                RelativeDistinguishedName item (id-at-commonName=www.zeev.pw)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: printableString (1)

                                        printableString: www.zeev.pw

                            RDNSequence item: 1 item (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect)

                                RelativeDistinguishedName item (pkcs-9-at-emailAddress=5b2ca5a024054a47bfcc565a8737db21.protect@whoisguard.com)

                                    Id: 1.2.840.113549.1.9.1 (pkcs-9-at-emailAddress)

                                    IA5String: 5b2ca5a024054a47bfcc565a8737db21.protect@whoisguard.com

                    subjectPublicKeyInfo

                        algorithm (rsaEncryption)

                            Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)

                        Padding: 0

                        subjectPublicKey: 3082010a0282010100c1c8ada6e3526a74da3f873b2352be...

                    extensions: 10 items

                algorithmIdentifier (sha256WithRSAEncryption)

                    Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

                Padding: 0

                encrypted: 54980c6f342bc4de5641df814fe88634ec110461e260e212...

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 783

    Handshake Protocol: Server Key Exchange

        Handshake Type: Server Key Exchange (12)

        Length: 779

        Diffie-Hellman Server Params

            p Length: 256

            p: ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd1...

            g Length: 1

            g: 02

            Pubkey Length: 256

            Pubkey: 606134278d8b25b3367d3e15b2b46a3419cbe596721d446d...

            Signature Hash Algorithm: 0x0601

                Signature Hash Algorithm Hash: SHA512 (6)

                Signature Hash Algorithm Signature: RSA (1)

            Signature Length: 256

            Signature: 48b69b547860511e36830041f7e7aee3d97ced1144f190d4...

TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 4

    Handshake Protocol: Server Hello Done

        Handshake Type: Server Hello Done (14)

        Length: 0

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 262

    Handshake Protocol: Client Key Exchange

        Handshake Type: Client Key Exchange (16)

        Length: 258

        Diffie-Hellman Client Params

            Pubkey Length: 256

            Pubkey: 020621c1846fa567392b2fa1b55868a65389400ee80f3594...

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 202

    Handshake Protocol: New Session Ticket

        Handshake Type: New Session Ticket (4)

        Length: 198

        TLS Session Ticket

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message

DHE DSS handshake dissection:

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Hello

    Content Type: Handshake (22)

    Version: TLS 1.0 (0x0301)

    Length: 94

    Handshake Protocol: Client Hello

        Handshake Type: Client Hello (1)

        Length: 90

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suites Length: 4

        Cipher Suites (2 suites)

            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)

            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

        Compression Methods Length: 1

        Compression Methods (1 method)

        Extensions Length: 45

        Extension: SessionTicket TLS

        Extension: signature_algorithms

        Extension: Heartbeat

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Hello

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 58

    Handshake Protocol: Server Hello

        Handshake Type: Server Hello (2)

        Length: 54

        Version: TLS 1.2 (0x0303)

        Random

        Session ID Length: 0

        Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)

        Compression Method: null (0)

        Extensions Length: 14

        Extension: renegotiation_info

        Extension: SessionTicket TLS

        Extension: Heartbeat

TLSv1.2 Record Layer: Handshake Protocol: Certificate

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 1180

    Handshake Protocol: Certificate

        Handshake Type: Certificate (11)

        Length: 1176

        Certificates Length: 1173

        Certificates (1173 bytes)

            Certificate Length: 1170

            Certificate (id-at-commonName=zeev.pw,id-at-organizationName=Internet Widgits Pty Ltd,id-at-stateOrProvinceName=Some-State,id-at-countryName=US)

                signedCertificate

                    serialNumber: -5833175930474264775

                    signature (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                        Algorithm Id: 2.16.840.1.101.3.4.3.2 (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                    issuer: rdnSequence (0)

                        rdnSequence: 4 items (id-at-commonName=zeev.pw,id-at-organizationName=Internet Widgits Pty Ltd,id-at-stateOrProvinceName=Some-State,id-at-countryName=US)

                            RDNSequence item: 1 item (id-at-countryName=US)

                                RelativeDistinguishedName item (id-at-countryName=US)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: US

                            RDNSequence item: 1 item (id-at-stateOrProvinceName=Some-State)

                                RelativeDistinguishedName item (id-at-stateOrProvinceName=Some-State)

                                    Id: 2.5.4.8 (id-at-stateOrProvinceName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Some-State

                            RDNSequence item: 1 item (id-at-organizationName=Internet Widgits Pty Ltd)

                                RelativeDistinguishedName item (id-at-organizationName=Internet Widgits Pty Ltd)

                                    Id: 2.5.4.10 (id-at-organizationName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Internet Widgits Pty Ltd

                            RDNSequence item: 1 item (id-at-commonName=zeev.pw)

                                RelativeDistinguishedName item (id-at-commonName=zeev.pw)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: zeev.pw

                    validity

                        notBefore: utcTime (0)

                        notAfter: utcTime (0)

                    subject: rdnSequence (0)

                        rdnSequence: 4 items (id-at-commonName=zeev.pw,id-at-organizationName=Internet Widgits Pty Ltd,id-at-stateOrProvinceName=Some-State,id-at-countryName=US)

                            RDNSequence item: 1 item (id-at-countryName=US)

                                RelativeDistinguishedName item (id-at-countryName=US)

                                    Id: 2.5.4.6 (id-at-countryName)

                                    CountryName: US

                            RDNSequence item: 1 item (id-at-stateOrProvinceName=Some-State)

                                RelativeDistinguishedName item (id-at-stateOrProvinceName=Some-State)

                                    Id: 2.5.4.8 (id-at-stateOrProvinceName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Some-State

                            RDNSequence item: 1 item (id-at-organizationName=Internet Widgits Pty Ltd)

                                RelativeDistinguishedName item (id-at-organizationName=Internet Widgits Pty Ltd)

                                    Id: 2.5.4.10 (id-at-organizationName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: Internet Widgits Pty Ltd

                            RDNSequence item: 1 item (id-at-commonName=zeev.pw)

                                RelativeDistinguishedName item (id-at-commonName=zeev.pw)

                                    Id: 2.5.4.3 (id-at-commonName)

                                    DirectoryString: uTF8String (4)

                                        uTF8String: zeev.pw

                    subjectPublicKeyInfo

                        algorithm (id-dsa)

                            Algorithm Id: 1.2.840.10040.4.1 (id-dsa)

                            DSS-Params

                                p : 0x009f922489033a4317d074675e70a4573184f810a441e7c373ea2562dcadb93f636393453bc144c57e773a8f66e58274663cf3fd5c2588aee86d36104e83a81cbc47704d623662e7b48d620315c3145ed0313397b58bd84494ad2b02c2c3124648ca29e490bb81a5a2d1fc52900ccc1c511256690

                                q : 0x00dac80ee885e74b0e56d9cac7d9a6e0efaaf5155bfb2e1426d99a0d4235d60359

                                g : 0x55234ba34d71468ff4c90a06c74ddebc0b882f0f77efadf45e1fc5ede292d31b19457746555616318755e5fdc5819041c16c6c2cbd8d9af9eca62046d533e232591596b9e74adb05662f66f72009e6f7742f81c35bdbf7c2ebb249a6aa9cf20a6c330b8dd214835d6aa2e330cb2b4a866a74ff438

                        Padding: 0

                        subjectPublicKey: 028201001fea1029b1edbbb83e8b92a56f4c34926a617fcd...

                algorithmIdentifier (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                    Algorithm Id: 2.16.840.1.101.3.4.3.2 (joint-iso-itu-t.16.840.1.101.3.4.3.2)

                Padding: 0

                encrypted: 304402201d495bb07b7e000bd5c4b4f0a9b6a9183cbef0cf...

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 598

    Handshake Protocol: Server Key Exchange

        Handshake Type: Server Key Exchange (12)

        Length: 594

        Diffie-Hellman Server Params

            p Length: 256

            p: ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd1...

            g Length: 1

            g: 02

            Pubkey Length: 256

            Pubkey: da0d4624e78f6f72d08f973ff3482bc92c758b6cb86b1812...

            Signature Hash Algorithm: 0x0602

                Signature Hash Algorithm Hash: SHA512 (6)

                Signature Hash Algorithm Signature: DSA (2)

            Signature Length: 71

            Signature: 3045022057fc39446c326c9b3e5f3f0f08e161daa45823a1...

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 4

    Handshake Protocol: Server Hello Done

        Handshake Type: Server Hello Done (14)

        Length: 0

Internet Protocol Version 4, Src: 192.168.1.101 (192.168.1.101), Dst: 192.168.1.103 (192.168.1.103)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 262

    Handshake Protocol: Client Key Exchange

        Handshake Type: Client Key Exchange (16)

        Length: 258

        Diffie-Hellman Client Params

            Pubkey Length: 256

            Pubkey: 8060234a6b4dee8a815d648df47b020b5f24ab800b20bd4b...

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message

Internet Protocol Version 4, Src: 192.168.1.103 (192.168.1.103), Dst: 192.168.1.101 (192.168.1.101)

Secure Sockets Layer

TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 202

    Handshake Protocol: New Session Ticket

        Handshake Type: New Session Ticket (4)

        Length: 198

        TLS Session Ticket

TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec

    Content Type: Change Cipher Spec (20)

    Version: TLS 1.2 (0x0303)

    Length: 1

    Change Cipher Spec Message

TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

    Content Type: Handshake (22)

    Version: TLS 1.2 (0x0303)

    Length: 64

    Handshake Protocol: Encrypted Handshake Message

answered by Z.T. 22.03.2015 - 12:07
source
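As an added example (not code from the original answer, and not the bytes of the capture), the following Python encodes and decodes the TLS 1.2 DHE ServerKeyExchange body whose fields both dissections above list: p, g, Ys, the SignatureAndHashAlgorithm pair and the signature. With a 2048-bit p, g = 2, a 2048-bit Ys and a 256-byte RSA-2048 signature the body is 779 bytes; with a DER-encoded DSA (r, s) pair for a 256-bit q the signature is 71 bytes and the body 594 bytes, the two lengths the captures show. It also assembles what the server actually signs (client_random || server_random || ServerDHParams), which is what binds the ephemeral DH share to this particular handshake. All numeric values are constructed placeholders. (The self-signed DSS certificate's signature OID 2.16.840.1.101.3.4.3.2, which the dissection only shows numerically, is dsa-with-sha256.)

```python
"""Added example: encode/parse a TLS 1.2 DHE ServerKeyExchange body.
Values are constructed placeholders, not the capture's bytes."""
import struct

HASH_ALGS = {2: "SHA1", 4: "SHA256", 5: "SHA384", 6: "SHA512"}
SIG_ALGS = {1: "RSA", 2: "DSA", 3: "ECDSA"}
HANDSHAKE_SERVER_KEY_EXCHANGE = 12


def _i2b(n: int) -> bytes:
    """Minimal big-endian encoding, as TLS sends DH values."""
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def _vec16(b: bytes) -> bytes:
    """opaque<1..2^16-1>: a 2-byte length prefix."""
    if not 1 <= len(b) <= 0xFFFF:
        raise ValueError("vector length out of range")
    return struct.pack("!H", len(b)) + b


def _read_vec16(buf: bytes, off: int):
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated vector")
    return buf[off:off + n], off + n


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    return _vec16(_i2b(p)) + _vec16(_i2b(g)) + _vec16(_i2b(ys))


def encode_server_key_exchange(p, g, ys, hash_id, sig_id, signature: bytes) -> bytes:
    """ServerDHParams + SignatureAndHashAlgorithm + opaque signature<0..2^16-1>."""
    return encode_server_dh_params(p, g, ys) + bytes([hash_id, sig_id]) + _vec16(signature)


def wrap_handshake(msg_type: int, body: bytes) -> bytes:
    """Handshake header: 1-byte type, 3-byte length (the 'Length: 779' line)."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def signed_params(client_random: bytes, server_random: bytes, p, g, ys) -> bytes:
    """The bytes the server signs. Including both randoms is what stops a
    captured, signed Ys from being replayed into another handshake."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("randoms are 32 bytes each")
    return client_random + server_random + encode_server_dh_params(p, g, ys)


def parse_server_key_exchange(body: bytes) -> dict:
    off = 0
    p, off = _read_vec16(body, off)
    g, off = _read_vec16(body, off)
    ys, off = _read_vec16(body, off)
    hash_id, sig_id = body[off], body[off + 1]
    off += 2
    sig, off = _read_vec16(body, off)
    if off != len(body):
        raise ValueError("trailing bytes after signature")
    return {
        "p_bits": int.from_bytes(p, "big").bit_length(),
        "g": int.from_bytes(g, "big"),
        "ys_bits": int.from_bytes(ys, "big").bit_length(),
        "hash": HASH_ALGS.get(hash_id, hex(hash_id)),
        "sig": SIG_ALGS.get(sig_id, hex(sig_id)),
        "signature": sig,
    }


def _der_int(n: int) -> bytes:
    b = _i2b(n)
    if b[0] & 0x80:  # keep the INTEGER positive
        b = b"\x00" + b
    return b"\x02" + bytes([len(b)]) + b


def encode_der_dsa_signature(r: int, s: int) -> bytes:
    """DSA (and ECDSA) signatures travel as DER SEQUENCE { INTEGER r, INTEGER s }."""
    content = _der_int(r) + _der_int(s)
    if len(content) >= 0x80:
        raise ValueError("long-form lengths not handled here")
    return b"\x30" + bytes([len(content)]) + content


def parse_der_dsa_signature(sig: bytes):
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    off, ints = 2, []
    for _ in range(2):
        if sig[off] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[off + 1]
        off += 2
        ints.append(int.from_bytes(sig[off:off + n], "big"))
        off += n
    if off != len(sig):
        raise ValueError("trailing bytes in DER signature")
    return ints[0], ints[1]


# Constructed demo values (NOT from the capture): 2048-bit p, g = 2, 2048-bit Ys.
DEMO_P = (1 << 2047) | 0x1234567   # placeholder, not a real safe prime
DEMO_G = 2
DEMO_YS = (1 << 2040) | 0xBEEF
DEMO_RSA_SIG = bytes(256)          # an RSA-2048 signature is always 256 bytes
DEMO_DSA_R = (1 << 255) | 0x1234   # 256-bit r: DER needs a leading 0x00
DEMO_DSA_S = (1 << 254) | 0x5678   # 255-bit s: no padding byte


def demo_bodies():
    """Return (RSA-signed body, DSA-signed body) with SHA512 as the hash."""
    rsa = encode_server_key_exchange(DEMO_P, DEMO_G, DEMO_YS, 6, 1, DEMO_RSA_SIG)
    dsa_sig = encode_der_dsa_signature(DEMO_DSA_R, DEMO_DSA_S)
    dss = encode_server_key_exchange(DEMO_P, DEMO_G, DEMO_YS, 6, 2, dsa_sig)
    return rsa, dss
```

The size difference the dissections show is entirely in the signature field: RSA-2048 always produces 256 bytes, while a DSA signature for a 256-bit q is two DER INTEGERs of 32 or 33 bytes each, so 70 to 72 bytes. The DH parameters and Ys are identical in both handshakes because the cipher suite only changes the signature algorithm, not the key exchange.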

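The nonce-reuse flaw the answer mentions, as an added example that is not part of the original answer: plain DSA over freshly generated toy-sized parameters (512-bit p, 160-bit q, SHA-256 truncated to |q| bits), two signatures made with the same k, and the recovery of k and then the private key x from nothing but the two messages and signatures. The parameter generator and the key sizes are choices made here so the script runs in a second or two, not anything from the page; the same algebra applies unchanged to ECDSA.

```python
"""Added example: a repeated DSA nonce k leaks the private key.
Toy-sized parameters (512-bit p, 160-bit q); the arithmetic is standard DSA."""
import hashlib
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with a small-prime pre-sieve."""
    if n < 4:
        return n in (2, 3)
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(p_bits: int = 512, q_bits: int = 160):
    """DSA domain parameters (p, q, g): q divides p-1 and g has order q mod p."""
    while True:
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    j_bits = p_bits - q_bits
    while True:
        j = (secrets.randbits(j_bits) | (1 << (j_bits - 1))) & ~1  # even j, so p is odd
        p = q * j + 1
        if p.bit_length() == p_bits and is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
        if g != 1:
            return p, q, g


def hash_int(msg: bytes, q: int) -> int:
    """Leftmost min(256, |q|) bits of SHA-256, as FIPS 186 specifies."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> max(0, 256 - q.bit_length())


def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def sign(p, q, g, x, msg: bytes, k: int):
    """Plain DSA. k MUST be fresh and uniform in [1, q-1] for every signature."""
    r = pow(g, k, p) % q
    s = (pow(k, -1, q) * (hash_int(msg, q) + x * r)) % q
    if r == 0 or s == 0:
        raise ValueError("retry with another k")
    return r, s


def verify(p, q, g, y, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    v = (pow(g, hash_int(msg, q) * w % q, p) * pow(y, r * w % q, p)) % p % q
    return v == r


def recover_private_key(q, msg1, sig1, msg2, sig2):
    """Two signatures under the same k share r. Then, mod q:
         s1 - s2 = k^-1 (h1 - h2)   =>  k = (h1 - h2) / (s1 - s2)
         s1      = k^-1 (h1 + x r)  =>  x = (s1 k - h1) / r
    """
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r differs: the two nonces were not the same")
    h1, h2 = hash_int(msg1, q), hash_int(msg2, q)
    k = (h1 - h2) * pow((s1 - s2) % q, -1, q) % q
    x = (s1 * k - h1) * pow(r1, -1, q) % q
    return k, x


def demo() -> bool:
    """Sign two messages with one reused k, then recover k and x from the signatures."""
    p, q, g = gen_params()
    x, y = keygen(p, q, g)
    k_reused = secrets.randbelow(q - 1) + 1  # the bug: generated once, used twice
    m1, m2 = b"ServerKeyExchange #1", b"ServerKeyExchange #2"
    sig1, sig2 = sign(p, q, g, x, m1, k_reused), sign(p, q, g, x, m2, k_reused)
    assert verify(p, q, g, y, m1, sig1) and verify(p, q, g, y, m2, sig2)
    return recover_private_key(q, m1, sig1, m2, sig2) == (k_reused, x)
```

Nothing in the attack needs the private key or the RNG state: an observer who sees two ServerKeyExchange messages signed with the same k (or with k values related in a known way, or with enough biased bits) gets the server's long-term signing key. The deterministic nonce derivation of RFC 6979 and the built-in determinism of EdDSA remove this dependence on the RNG at signing time.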