Feature Request: Stronger database crypto

jarednichols
Honored Contributor

Hi-

To my knowledge, the JSS database uses RSA-128 with 1024bit keys to store machine account passwords in the database. While likely strong enough for typical use, in high security environments RSA-128 isn't looked upon favorably due to a recently successful hack:

http://au.ibtimes.com/articles/20100310/rsa-1024-hacked.htm

White paper: http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf

It would be advisable to move to an AES-128 or higher (256?) algo with a larger key size (2048?). Using a FIPS 140-2 certified crypto (e.g. OpenSSL) module would also be beneficial for government implementations. While FIPS certification isn't required as of yet, being ahead of that regulatory curve would be nice.

Thanks,

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 REPLIES 0