On Thu, Apr 19, 2007 at 12:40:56AM +0000, Edward Wang wrote: > I am currently in the process of trying to obtain clearance to export some > custom computers out of the U.S. The computers have Dropbear, and the > lawyers > have questions about Dropbear encryption that I can't answer. > Unfortunately, > I can not find any documentation online with the answers either. I'd > appreciate it if anyone can give the answers or can point me to where I can > find the answers.
The SSH2 specification at http://www.ietf.org/rfc/rfc4253.txt is probably a reasonable start. See inline for a list more specific to Dropbear. Hmm, I need to get some glossy marketing pamphlets to print :) > 1. Describe the symmetric and asymmetric encryption > algorithms and key lengths and how the algorithms are used > (e.g., 56-bit DES, 168-bit DES, 128-bit RC4, 448-bit > Blowfish, etc.). Specify which encryption modes are > supported (e.g., cipher feedback mode or cipher block > chaining mode). For any asymmetric algorithms, please > specify whether the security of the algorithm is based > upon any of the following: (a) factorization of integers > in excess of 512 bits (e.g., RSA); (b) computation of > discrete logarithms in a multiplicative group of a finite > field of size greater than 512 bits (e.g., Diffie-Hellman > over Z/pZ); or (c) discrete logarithms in a group other > than mentioned above in excess of 112 bits (e.g., > Diffie-Hellman over an elliptic curve). Symmetric algos all in cipher block chaining (CBC) mode: 168-bit 3DES 256- or 128-bit AES 128-bit Blowfish 128- or 256-bit Twofish Asymmetric algos: Diffie-Hellman, computing discrete logarithms (1024-bit) (RSA and DSS are used but not for encryption) > 2. State the key management algorithms, including > modulus sizes, that are supported (e.g., 512-bit RSA, > 1024-bit Diffie-Hellman, etc.). Diffie-Hellman 1024-bit Signing only: RSA 512- to 4096-bit DSA 512- to 4096-bit Hopefully that's of use, good luck. Matt
