Harden default PKI setup

Bug #1103002 reported by Dirk Mueller on 2013-01-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Dirk Mueller
python-keystoneclient
Medium
Dirk Mueller

Bug Description

keystone-manage pki_setup is a handy tool to quickly setup a default SSL public/private key pair for an initial test setup of OpenStack Keystone. Unfortunately it hardcodes defaults that are meanwhile considered less secure.

I understand that this is an example setup, but given that users are likely going to (re-) use the configuration defaults for their production setup, I think we should advertise good defaults instead of weak ones.

According to http://securitymusings.com/article/1587/algorithm-and-key-length-deprecation

The following keylengths are deprecated:

Hashing: 160-bit SHA-1 (note: MD4/MD5 was never an “acceptable algorithm” to the government, and should already be deprecated)
Signatures: 1024-bit DSA, 1024-bit RSA, 160-bit ECDSA
Encryption: 80/112-bit 2TDEA (two key triple DES)

When are they deprecated?

Hashing: for all hashes generated after 12/31/2010
Signatures: for all signatures generated after 12/31/2010
Encryption: for any information that needs to remain confidential after 12/31/2010

Dirk Mueller (dmllr) on 2013-01-22
Changed in keystone:
assignee: nobody → Dirk Mueller (dmllr)
Kurt Seifried (kseifried) wrote :

This might need a CVE, whom should I query for details? dmllr?

Adam Young (ayoung) wrote :

This bug is public already. This is more a hardening issue. However, in the future. there is no harm in filing these types of bugs as "Private Security" and letting the security team review them first.

Dirk Mueller (dmllr) wrote :

I agree, this is a hardening issue and does not need a CVE. I mostly created the bugreport in order to be able to work on it and send a patch upstream once it is ready for review. Currently I'm stuck on why there is a previous commit that lowers the values with the reason that it fixes something.

Dolph Mathews (dolph) wrote :

Dirk: link to that commit?

Dirk Mueller (dmllr) wrote :

Dolph, the commit I'm talking about is https://review.openstack.org/#/c/10584/, which is weird because 2048 bit (!) keys should be unrelated to a 1024 char (!) error.

Initially I started with a revert of this commit and cleaned up the stuff further, but haven't gotten around pushing it for review. I can do that by the end of this week I think.

On 05/06/2013 06:26 AM, Dirk Mueller wrote:
> Dolph, the commit I'm talking about is
> https://review.openstack.org/#/c/10584/, which is weird because 2048 bit
> (!) keys should be unrelated to a 1024 char (!) error.
>
> Initially I started with a revert of this commit and cleaned up the
> stuff further, but haven't gotten around pushing it for review. I can do
> that by the end of this week I think.
>

That change should be reverted. What they saw was when we were
persisting the entire signed token. Reducing the key size did decrease
the size of the signed data. We no longer even store that data, so
increasing the Key size is correct.

Fix proposed to branch: master
Review: https://review.openstack.org/31374

Changed in keystone:
status: New → In Progress
Dolph Mathews (dolph) on 2013-06-01
Changed in keystone:
importance: Undecided → Medium

Reviewed: https://review.openstack.org/31374
Committed: http://github.com/openstack/keystone/commit/7006798028f4b737ab8f8b5c84bfea2a64b7fbfc
Submitter: Jenkins
Branch: master

commit 7006798028f4b737ab8f8b5c84bfea2a64b7fbfc
Author: Dirk Mueller <email address hidden>
Date: Tue Jan 22 15:05:45 2013 +0100

    Raise key length defaults

    Extend RSA keylength to 2048 bits by default,
    as the previous default of 1024 bit is considered
    weak since 12/31/2010.

    Also unify the message_md to the openssl builtin default.

    Fixes bug 1103002

    Change-Id: I70e90b7696f8a56073c3d6bdc9ed5d30cfa3401f

Changed in keystone:
status: In Progress → Fix Committed

Fix proposed to branch: master
Review: https://review.openstack.org/36246

Changed in python-keystoneclient:
assignee: nobody → Dirk Mueller (dmllr)
status: New → In Progress
Dolph Mathews (dolph) on 2013-07-10
Changed in python-keystoneclient:
importance: Undecided → Medium
Thierry Carrez (ttx) on 2013-07-17
Changed in keystone:
milestone: none → havana-2
status: Fix Committed → Fix Released

Reviewed: https://review.openstack.org/36246
Committed: http://github.com/openstack/python-keystoneclient/commit/3f1415026b2d1d00f71a906c84846ba56af1b56a
Submitter: Jenkins
Branch: master

commit 3f1415026b2d1d00f71a906c84846ba56af1b56a
Author: Dirk Mueller <email address hidden>
Date: Tue Jul 9 17:04:55 2013 +0200

    Raise key length defaults

    Extend RSA keylength to 2048 bits by default,
    as the previous default of 1024 bit is considered
    weak since 12/31/2010.

    Also unify the message_md to the openssl builtin
    default.

    Fixes bug 1103002

    Change-Id: I619fc32b62beab4458ee6f21bf8dc7499fe400d7

Changed in python-keystoneclient:
status: In Progress → Fix Committed
Dolph Mathews (dolph) on 2013-08-22
Changed in python-keystoneclient:
milestone: none → 0.3.2
Dolph Mathews (dolph) on 2013-08-23
Changed in python-keystoneclient:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-2 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers