Gregory Sloop
2020-07-07 23:32:37 UTC
So, I've spent some time looking at the man pages and googling without any definitive answer.
I'm generating some new rndc keys for my bind9 config. (9.11.3 in this particular case, if it matters.)
rndc-confgen has quite a number of options for the key-type - but I'm not sure what BIND9 will handle for RNDC.
I've seen reports that only HMAC-MD5 is the only valid key type.
...
Just before posting this, I checked the RNDC man page and found this:
[At least I saved myself some public embarrassment! :) ]
---
rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc and named, the only supported authentication algorithms are HMAC-MD5 (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 (default), HMAC-SHA384 and HMAC-SHA512. They use a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
---
Still, the root cause for my query....
Is there any (security) reason/implications to use something "better" than MD5?
I'd lean toward something like HMAC-SHA256/384/512.
Perhaps there's a discussion somewhere I haven't found - and I'd be glad to be pointed to that, instead of taking someone's time re-typing a bunch of details. But I can't seem to find anything.
I assume it might be easier to forge an update for rndc with an MD5 key, right?
Is there any reason not to select the strongest - HMAC-SHA512?
Just wanting to be sure I understand the implications of any particular choice.
TIA
-Greg
I'm generating some new rndc keys for my bind9 config. (9.11.3 in this particular case, if it matters.)
rndc-confgen has quite a number of options for the key-type - but I'm not sure what BIND9 will handle for RNDC.
I've seen reports that only HMAC-MD5 is the only valid key type.
...
Just before posting this, I checked the RNDC man page and found this:
[At least I saved myself some public embarrassment! :) ]
---
rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc and named, the only supported authentication algorithms are HMAC-MD5 (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 (default), HMAC-SHA384 and HMAC-SHA512. They use a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
---
Still, the root cause for my query....
Is there any (security) reason/implications to use something "better" than MD5?
I'd lean toward something like HMAC-SHA256/384/512.
Perhaps there's a discussion somewhere I haven't found - and I'd be glad to be pointed to that, instead of taking someone's time re-typing a bunch of details. But I can't seem to find anything.
I assume it might be easier to forge an update for rndc with an MD5 key, right?
Is there any reason not to select the strongest - HMAC-SHA512?
Just wanting to be sure I understand the implications of any particular choice.
TIA
-Greg