JDK-6521495 : Lift 1024-bit long prime restriction on Diffie-Hellman

Details
Type:
Enhancement
Submit Date:
2007-02-05
Status:
Closed
Updated Date:
2016-07-08
Project Name:
JDK
Resolved Date:
2012-12-11
Component:
security-libs
OS:
linux
Sub-Component:
javax.crypto
CPU:
x86
Priority:
P3
Resolution:
Duplicate
Affected Versions:
5.0,7,8
Fixed Versions:

Related Reports
Duplicate:
Relates:

Sub Tasks

Description
A DESCRIPTION OF THE REQUEST :
Sun's JCE implementation imposes an artificial restriction on Diffie-Hellman primes. When passing a DHParameterSpec generated with a 2048-bit long modulus, class DHKeyPairGenerator will throw an exception indicating that "Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)."

Please allow for modulus sizes beyond the 1024-bit limit.

JUSTIFICATION :
Primes under 1024 bits don't provide an adequate match to today's hardware and state-of-the-art algorithms, such as AES.
Please refer to RFC 3526 for an official submission that defines standard primes between 2048 and 8192 for the Diffie-Hellman algorithm.

Furthermore, the SSH2 protocol recommends and requires support of 2048-bit long groups over the now deprecated smaller groups. See RFC 4253 §8.2 for further information.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Primes of arbitrary length are supported for the Diffie-Hellman key agreement, as long as the length is a multiple of 64.
ACTUAL -
Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive).

---------- BEGIN SOURCE ----------
See section "Diffie-Hellman Key Exchange between 2 Parties" in Appendix F of the Java(TM) Cryptography Extension (JCE) Reference Guide published by Sun. Either modify the application to generate 2048-bit long primes or modify static array skip1024ModulusBytes to contain twice as many elements (the actual content shouldn't matter for this particular test).
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Using BouncyCastle's JCE implementation, which doesn't impose this restriction, or resorting to the BigNumber API directly.
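The two-party key agreement from Appendix F, run once with a 1024-bit and once with a 2048-bit group, as an added example that is not part of the bug report or of the JDK sources. The group is constructed for the demo: a random 2048-bit probable prime with generator 2 is enough to trigger the size check described above, but it is not a safe prime; real deployments should take a standard MODP group from RFC 3526.

```java
import java.math.BigInteger;
import java.security.*;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHParameterSpec;

public class DhModulusSizeDemo {
    // Constructed demo group: a random probable prime of the requested size
    // with g = 2. Only the bit length matters for reproducing the check in
    // DHKeyPairGenerator; use an RFC 3526 group for anything real.
    static DHParameterSpec demoGroup(int bits) {
        BigInteger p = BigInteger.probablePrime(bits, new SecureRandom());
        return new DHParameterSpec(p, BigInteger.valueOf(2));
    }

    // Two-party Diffie-Hellman as in Appendix F of the JCE Reference Guide.
    // Returns the shared secret once both sides have derived the same value.
    static byte[] agree(DHParameterSpec spec) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(spec); // affected JDKs reject spec here if p > 1024 bits
        KeyPair alice = kpg.generateKeyPair();
        KeyPair bob = kpg.generateKeyPair();

        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(alice.getPrivate());
        ka.doPhase(bob.getPublic(), true);
        byte[] aliceSecret = ka.generateSecret();

        KeyAgreement kb = KeyAgreement.getInstance("DH");
        kb.init(bob.getPrivate());
        kb.doPhase(alice.getPublic(), true);
        byte[] bobSecret = kb.generateSecret();

        // Constant-time comparison; a mismatch means the exchange is unusable.
        if (!MessageDigest.isEqual(aliceSecret, bobSecret)) {
            throw new GeneralSecurityException("shared secrets differ");
        }
        return aliceSecret;
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] {1024, 2048}) {
            try {
                byte[] secret = agree(demoGroup(bits));
                System.out.println(bits + "-bit group: agreed on a "
                        + secret.length + "-byte shared secret");
            } catch (InvalidAlgorithmParameterException e) {
                // On a JDK with the restriction, the 2048-bit run lands here
                // with the "Prime size must be multiple of 64 ..." message.
                System.out.println(bits + "-bit group rejected: " + e.getMessage());
            }
        }
    }
}
```

Generating a random 2048-bit prime takes a few seconds; the 1024-bit run succeeds on every JDK, which isolates the modulus size as the only variable between the two attempts.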

Comments
EVALUATION

Also consider lifting the same restriction on DSA (6560751)
2010-05-10