Generating Larger Keys with SN

re: Generating Larger Keys with MSI

Nicole Calinoiu — Sat, 22 Jan 2005 13:44:00 GMT

Did anyone actually try to sign an assembly with the max size key? I'm wondering if there's a practical limit on key size for assemblies compiled to any given PE file alignment size.

What Happens When You Sign With A Larger Key

.Net Security Blog — Tue, 25 Jan 2005 03:40:00 GMT

re: Generating Larger Keys with SN

Shawn — Tue, 25 Jan 2005 00:40:00 GMT

Nope, we just increase the size of the area used to store the signature. More details here: http://blogs.msdn.com/shawnfa/archive/2005/01/24/359861.aspx

-Shawn

re: Generating Larger Keys with SN

William — Tue, 25 Jan 2005 23:06:00 GMT

Can you get the actual signature bytes from the PE file?

re: Generating Larger Keys with SN

Shawn — Tue, 25 Jan 2005 23:10:00 GMT

Absolutely ... you might want to look at http://blogs.msdn.com/shawnfa/archive/2005/01/24/359861.aspx for some hints as to how. But this seems like a good topic for another post.

-Shawn

re: Generating Larger Keys with SN

dominick baier — Thu, 27 Jan 2005 05:29:00 GMT

Hi,

so why didn't microsoft choose 2048 bits from the beginning - and why is 1024 still the default?

three years ago it was easily forseeable that 1024 are not sufficient anymore -> http://www.win.tue.nl/~klenstra/key.pdf

wondering..
dominick

re: Generating Larger Keys with SN

Shawn — Thu, 27 Jan 2005 18:09:00 GMT

Hi Dominick,

The paper you point to actually doesn't say that 1024-bit RSA will be broken in 2002, in fact it says "Note that it does not follow from Table 1 or the default settings that 1024-bit RSA keys will be safe only until 2002".

Thinking about what a strong name is vs what it isn't is also instructive here. First and foremost, strong names exist to help form the name of an assembly. They are not used to make your assembly tamper-proof by a malicious user, rather they work in the reverse way. If you provide me a signed assembly, I can use the strong name to verify that nobody has modified it since it left your development shop. However, if I want to modify it, removing the strong name is a relatively easy task.

The reason we stuck with 1024 bits for Whidbey is that, while we do want to give users the option to use longer keys if necessary, we also needed to think about backwards compatibility.

-Shawn

re: Generating Larger Keys with SN

Shawn — Thu, 27 Jan 2005 18:11:00 GMT

And to re-reply to William, check out http://blogs.msdn.com/shawnfa/archive/2005/01/26/361109.aspx for some sample code to pull out the signature itself.

-Shawn

A Few Observations about Raw Signatures

.Net Security Blog — Sat, 29 Jan 2005 05:03:00 GMT

re: Generating Larger Keys with SN

dominick baier — Wed, 09 Feb 2005 06:19:00 GMT

hi shawn,

i don't quite agree with you - e.g. you can base CAS policy on SN evidence, can't you?

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/strongNames.asp

dominick
www.leastprivilege.com

re: Generating Larger Keys with SN

Shawn — Wed, 09 Feb 2005 17:41:00 GMT

Yes, you can. But cracking a 1024 bit encryption, and being able to fake a signature are two different beasts. And as I said above, the paper explicitly says: "Note that it does not follow from Table 1 or the default settings that 1024-bit RSA keys will be safe only until 2002".

-Shawn

What's New in Security for v2.0

.Net Security Blog — Wed, 24 Aug 2005 17:46:49 GMT

There's a ton of new and enhanced security features coming with the v2.0 release of the CLR.&nbsp; However,...

What's New in Security for v2.0

.Net Security Blog — Thu, 01 Sep 2005 00:08:39 GMT

There's a ton of new and enhanced security features coming with the v2.0 release of the CLR.&nbsp; However,...