Need Help with Dropbear Export Questions
Matt Johnston
matt at ucc.asn.au
Thu Apr 19 10:51:15 WST 2007
On Thu, Apr 19, 2007 at 12:40:56AM +0000, Edward Wang wrote:
> I am currently in the process of trying to obtain clearance to export some
> custom computers out of the U.S. The computers have Dropbear, and the lawyers
> have questions about Dropbear encryption that I can't answer. Unfortunately,
> I can not find any documentation online with the answers either. I'd
> appreciate it if anyone can give the answers or can point me to where I can
> find the answers.
The SSH2 specification at
http://www.ietf.org/rfc/rfc4253.txt is probably a reasonable
start. See inline for a list more specific to Dropbear. Hmm,
I need to get some glossy marketing pamphlets to print :)
> 1. Describe the symmetric and asymmetric encryption
> algorithms and key lengths and how the algorithms are used
> (e.g., 56-bit DES, 168-bit DES, 128-bit RC4, 448-bit
> Blowfish, etc.). Specify which encryption modes are
> supported (e.g., cipher feedback mode or cipher block
> chaining mode). For any asymmetric algorithms, please
> specify whether the security of the algorithm is based
> upon any of the following: (a) factorization of integers
> in excess of 512 bits (e.g., RSA); (b) computation of
> discrete logarithms in a multiplicative group of a finite
> field of size greater than 512 bits (e.g., Diffie-Hellman
> over Z/pZ); or (c) discrete logarithms in a group other
> than mentioned above in excess of 112 bits (e.g.,
> Diffie-Hellman over an elliptic curve).
Symmetric algos all in cipher block chaining (CBC) mode:
168-bit 3DES
256- or 128-bit AES
128-bit Blowfish
128- or 256-bit Twofish
Asymmetric algos:
Diffie-Hellman, computing discrete logarithms (1024-bit)
(RSA and DSS are used but not for encryption)
> 2. State the key management algorithms, including
> modulus sizes, that are supported (e.g., 512-bit RSA,
> 1024-bit Diffie-Hellman, etc.).
Diffie-Hellman 1024-bit
Signing only:
RSA 512- to 4096-bit
DSA 512- to 4096-bit
Hopefully that's of use, good luck.
Matt
More information about the Dropbear
mailing list