On 4/10/19 1:38 PM, Jakob Hirsch wrote:
> i.e., everything that contains only hex characters ([0-9a-f]+) will be
> considered a hex key? I really like that, but that's a breaking change
> for people using a key that consists of hex chars (and don't keep
> client/server version in sync).

For a random alphanumeric key the probability of being hex is at most:

((10+6+6)/(10+26+26))^20 ≈ 10^(-9)

It's a little worse for uppercase-only or lowercase-only alphanumeric keys:

((10+6)/(10+26))^20 ≈ 10^(-7)

We are still safe enough I suppose...

Using a key that was already a valid hexadecimal number and two different versions of stunnel would indeed cause a problem. The solution is to also update the older stunnel...

> This may sound stupid, as you vastly
> limit your key space, but mitigated by simply doubling your key size.
> Maybe not many people are using such keys (or PSK in general), though...

There is no difference in key size, as the effective key size is the number of entropy bits, and not the number of characters. The number of entropy bits in 32 hexadecimal digits and the number of entropy bits in 16 bytes is actually identical (32*4 = 16*8).

> The good news is, that PSK connections now also work with TLSv1.3, so:

Yay! Thank you.

Best regards,
Mike
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
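The heuristic being discussed (an all-hex key string is decoded as binary, anything else is used as raw characters) and the two probability estimates from the reply, worked through as an added example. This is not code from the original thread and not stunnel's own implementation: the regex is the one quoted in Jakob's message, while the even-length requirement, the function names and the sample keys are assumptions made here for illustration.

```python
import math
import re

# Rule as quoted in the thread: a key made only of lowercase hex characters
# is treated as a hex key.  Requiring an even number of digits is an
# assumption added here so the string decodes to whole bytes.
HEX_KEY_RE = re.compile(r"^[0-9a-f]+$")


def psk_bytes_new(key: str) -> bytes:
    """Post-change interpretation (assumed model, not stunnel's code):
    an all-hex key is decoded to its binary value, anything else is
    used as the raw ASCII characters."""
    if HEX_KEY_RE.match(key) and len(key) % 2 == 0:
        return bytes.fromhex(key)
    return key.encode("ascii")


def psk_bytes_old(key: str) -> bytes:
    """Pre-change interpretation: the characters themselves are the key."""
    return key.encode("ascii")


def versions_agree(key: str) -> bool:
    """True when an old and a new stunnel would derive the same PSK from
    the same configured key.  False is the breaking case Jakob describes:
    one side uses the ASCII bytes, the other the decoded hex value."""
    return psk_bytes_new(key) == psk_bytes_old(key)


def p_random_key_looks_hex(alphabet_size: int, hex_chars_in_alphabet: int,
                           length: int) -> float:
    """Probability that a uniformly random key of the given length, drawn
    from an alphabet of alphabet_size symbols of which hex_chars_in_alphabet
    are hex digits, consists entirely of hex digits.  Positions are
    independent, so it is (hex / total) ** length, exactly the estimate
    in the reply."""
    return (hex_chars_in_alphabet / alphabet_size) ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    for key in ("deadbeef", "DEADBEEF", "Secret123"):
        print(f"{key!r:12} old={psk_bytes_old(key)!r:14} "
              f"new={psk_bytes_new(key)!r:22} agree={versions_agree(key)}")
    # Mixed-case alphanumeric (22 hex chars of 62) and single-case
    # alphanumeric (16 hex chars of 36), 20 characters long
    print(f"mixed case, 20 chars:  {p_random_key_looks_hex(62, 22, 20):.1e}")
    print(f"single case, 20 chars: {p_random_key_looks_hex(36, 16, 20):.1e}")
    # 32 hex digits and 16 raw bytes carry the same entropy
    print(entropy_bits(16, 32), entropy_bits(256, 16))
```

Running it shows that `deadbeef` becomes a 4-byte PSK on the new side but stays an 8-byte ASCII key on the old side, which is the mismatch that bites when client and server run different versions; `DEADBEEF` is unaffected only because the quoted regex is lowercase-only, and any key containing a non-hex character is unaffected regardless. The two probabilities come out at about 1.0e-9 and 9.0e-8, matching the 10^(-9) and 10^(-7) estimates in the reply.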
