
Re: 3DES keys



> From: Paul_Lambert-P15452@email.mot.com
> It would be best to describe a way to use a key stream to obtain keys for a
> given algorithm separate from the creation of the key stream.
>
Well, Paul, it's bloody obvious you haven't read Photuris!  Already done!


> All "security transforms" should include the size of key stream required for
> initialization and the process for using these bits with the defined transform.
>
Ah, you haven't read AH-MD5 or ESP-DES either.  (So much for "WG review"
when a chair hasn't read it.)  See the section labeled "Keys".  (sigh)


> An algorithmic approach (e.g. using MD5 or SHA) should be defined to lengthen a
> sequence when required to provide sufficient keying bits.
>
That's what I'm asking.  What algorithm should we use?


> This means that for 3DES with 2 keys (112 bits) one MD5 (128 bits) chunk or one
> SHA (160 bits) chunk would suffice. For 3DES with 3 keys (168 bits) two
> "chunks" of MD5 (256) or SHA (320) would be required.
>
Yeah, that's what I thought.  That's why I asked.


> Should "extra" bits be ignored, or should an algorithm be defined to mix down
> excess bits into a given key size?
>
Currently written that the extra bits are ignored in each attribute.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
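
Added example, not part of the original message and not the Photuris method: the chunk counts and the "extra bits are ignored" rule from the exchange above, worked through for 2-key and 3-key 3DES. The lengthening scheme (hash of a counter byte followed by the secret), the expansion of each 56-bit piece to an 8-byte DES key with odd parity, and all function names and the sample secret are assumptions made for illustration.

```python
import hashlib

def chunks_needed(key_bits, hash_name):
    """Number of hash outputs needed to cover key_bits of keying material."""
    digest_bits = hashlib.new(hash_name).digest_size * 8
    return -(-key_bits // digest_bits)  # ceiling division

def key_stream(secret, key_bits, hash_name):
    """ASSUMED lengthening scheme: chunk i = H(counter byte i || secret)."""
    n = chunks_needed(key_bits, hash_name)
    stream = b"".join(
        hashlib.new(hash_name, bytes([i]) + secret).digest() for i in range(n)
    )
    return stream[: key_bits // 8]  # extra bits are ignored, as in the message

def des_key_from_56_bits(material):
    """Spread 56 key bits over 8 bytes, setting each low bit for odd parity."""
    value = int.from_bytes(material, "big")
    key = bytearray()
    for i in range(8):
        seven = (value >> (49 - 7 * i)) & 0x7F
        parity = 1 - (bin(seven).count("1") & 1)  # make the byte's bit count odd
        key.append((seven << 1) | parity)
    return bytes(key)

def derive_3des_keys(secret, num_keys, hash_name):
    """Return num_keys (2 or 3) 8-byte DES keys for a 3DES transform."""
    if num_keys not in (2, 3):
        raise ValueError("3DES uses 2 or 3 keys")
    stream = key_stream(secret, 56 * num_keys, hash_name)
    return [des_key_from_56_bits(stream[i * 7:(i + 1) * 7]) for i in range(num_keys)]

if __name__ == "__main__":
    secret = b"constructed shared secret"  # constructed sample input
    for name in ("md5", "sha1"):
        for n in (2, 3):
            keys = derive_3des_keys(secret, n, name)
            print(name, n, chunks_needed(56 * n, name), [k.hex() for k in keys])
```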