[dns-operations] a maximum of about 16K possible DNSSEC keytags?

Roy Arends roy at dnss.ec
Mon Nov 30 15:49:15 UTC 2015


On 30 Nov 2015, at 15:34, Warren Kumari wrote:

> ... and, for the last hour or so I've been generating lots of keys 
> using
> ISC BIND dnssec-keygen.
>
> Currently I'm up to:
> wkumari at eric:~/tmp/tmp$ wc -l keytags
> 5209 keytags
> (and, boy, are my fingers tired...)
>
> How did you generate the keys? I've been doing:
> dnssec-keygen -K keys -a RSASHA256 -b 2048 -f KSK -v \
> 0 -r /dev/urandom example.com > /dev/null 2>&1

while true; do /usr/local/sbin/dnssec-keygen -a rsasha256 -b 2048 -f KSK 
.; done

to do an equivalent calculation with random numbers I use:

while true; do jot -r 128 0 65535|awk '{s+=$1} END {print (s + 
int(s/65536))%65535}'>>test;done

The former gets about 16K unique results, the latter 64K.

Roy


>
> W
>
> On Mon, Nov 30, 2015 at 10:24 AM Roy Arends <roy at dnss.ec> wrote:
>
>> On 29 Nov 2015, at 23:20, Roy Arends wrote:
>>
>>> I am only able to generate about 16K unique keytags for a 2K 
>>> RSASHA256
>>> KSK (*), even after generating hundreds of thousands of keys in a
>>> loop.
>>>
>>> I expected the entire 16 bit keytag space used (i.e. 64K keytags), 
>>> as
>>> the keytag is simply the sum of the DNSKEY RDATA (as a series of two
>>> byte values) with the high two bytes of the resulting 32 bit value
>>> added to the low 2 byte without carry.
>>>
>>> Since the RDATA contains 256 bytes of modulus (a result of 
>>> multiplying
>>> two randomly generated 128 byte primes), I thought it had a fair
>>> amount of entropy so that the resulting key tags would be nicely
>>> distributed.
>>>
>>> Apparently not.
>>>
>>> Anyone able (willing) to explain the math, please?
>>
>> Peter van Dijk generated a large set of DNSKEYs with the same 
>> algorithm,
>> flags and exponent and was able to generate a lot more unique 
>> keytags.
>> Peter is using PowerDNS ’pdnssec add-zone-key’ which uses mbedTLS
>> 2.1.0, while I was using dnssec-keygen and ldns-keygen which both 
>> used
>> OpenSSL 0.9.8zg.
>>
>> It looks like the difference stems from the libraries involved. At 
>> least
>> we can fingerprint the key generators behind the keys used :-)
>>
>> Not sure if I can find out more, or if this is important. Will keep
>> looking though.
>>
>> Thanks
>>
>> Roy
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-jobs
>> <https://lists.dns-oarc.net/mailman/listinfo/dns-operationsdns-jobs>
>> mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs



More information about the dns-operations mailing list