Provide a library for determining keylength security

[denknorr]

Project Title: Project title, short enough to catch attention

Provide a library for determining keylength security

Description: General information about the project, avoid one Liners, the description should be as detailed as possible.

The project would be writing a library for looking at keylength of algorithms and measuring their security according to different standards. For example RSA-4096 is currently considered secure, but RSA-1024 not. We want a library which embedds this knowledge and can be requested. Furtheron we want to be able to enhance the library or write a program which does scan keys or certificates and determines their security strength. This should be done according to different standards, think NIST standards or IETF or BSI standards.

There's already a website which does this similarly, called keylength.com, but this is not usable as a library, nor cannot be used in a pipeline or an offline program

This library could be done in Rust but the most important point is, that it can be linked to other (lowlevel) languages

Deliverable: Expectations from the student at the end of the project

1. The first task is reading and understanding the different Standards and Papers regarding keylengths for cryptographic primitives and their security
2. The second task is implementing this knowledge into a library
3. The third task would be to write a program which uses this library to scan keys or certificates so the program can say if the used primitives and their keylengths are secure according to specific standards

Mentor: Who is the mentor? Who is the Co-Mentor? Also please assign the issue to the mentor!

Dennis Knorr (dennis.knorr@suse.com)
Martin Sirringhaus (martin.sirringhaus@suse.com)

Skills: Which skills are needed? Programming languages, frameworks, concepts etc.

• have a bit knowledge in cryptography
• being somewhat able reading papers and standards about keylengths and their respective security
• being familiar with programming

Skill Level: Easy, Medium, Hard

Medium

Prject Size: Medium Sized Project (175 hours), Large Sized Project (350 hours)

As reading and grokking the papers might take some time and also writing a program which scans keys needs parsing, this is more a large project

Get started: Tasks that mentors may want to suggest students so that they can start contributing to the code base (e.g. junior jobs, low hanging fruits, discussion on the mailing list)

• Get familiar with standards like https://infoscience.epfl.ch/record/164539/files/NPDF-32.pdf or https://infoscience.epfl.ch/record/164526/files/NPDF-22.pdf (you do not have to read them all now, just be aware of it)
• Get familiar with the language you want to do this with (we would prefer rust)

[DataCrusade1999]

Hi, @denknorr I'm Ashutosh Pandey and I would like to work on this project in this year's GSoC should I ask for help on the mailing list about this project or here??

[denknorr]

Hi,
@DataCrusade1999 thank you for your interest :) Please ask on the mailinglist. The GSOC process is ongoing at the moment.

[DataCrusade1999]

Hi,
@denknorr, sorry for responding late. I've asked about this project on the openSUSE project mailing list and was told to get in contact with the mentor of the project for proposal writing and help. seeing that this project is security-related I've joined the openSUSE security mailing list and I've also joined the openSUSE factory mailing list. as of now I'm going through the pdf that is listed above to gain some insight about the project and its requirements. as you have suggested that I should ask the question on the mailing list could you point me to the mailing list which would be better suited for this project openSUSE-security(this mailing list isn't active that much) or openSUSE-factory mailing??

[denknorr]

Hey @DataCrusade1999 ah, okay, i asked you to ask on the mailinglist as the organization was not officially approved for GSOC. Now that we are recognized, you can write to our mailaddresses (surname.lastname@suse.com) listed in the GSOC project/up in the task.