[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES keys

To: Hilarie Orman <ho@cs.arizona.edu>
Subject: Re: 3DES keys
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Date: Thu, 28 Sep 1995 15:39:13 -0400
Cc: bsimpson@morningstar.com, ipsec@ans.net
In-Reply-To: ho's message of Thu, 28 Sep 1995 11:35:00 -0700. <199509281835.AA15720@interlock.ans.net>

-----BEGIN PGP SIGNED MESSAGE-----

content-type: text/plain; charset=us-ascii

   >    The modular exponentiation, elliptic curve, and key generator
   >    algorithms provide a number of bits of keying material. Use of an
   >    algorithm which produces a fewer number of keying bits than required
   >    for a selected transform results in less robust security than would
   >    otherwise be expected.
   
   Shouldn't this be "fewer than *twice* as many keying bits ..."  ?  
   
   (The 155 bits from the elliptic curve example is only good for 155/2 keying
   bits.)

Are you saying that you think that the keys in each direction need to
be completely independant?  

i.e.:

	key A->B	= hash (secret1, A, B, ...)
	key B->A	= hash (secret2, B, A, ...)

where secret1 and secret2 each consist of half of the bits of the
shared secret?

					- Bill




-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBMGr53Vpj/0M1dMJ/AQEFZAP+LKBECjijmqQnt2f/sCWuJiWzFUlFlboQ
ZbOSgzGZQe4fbL8eXlPsnuP4TxXBnz1gkM6PIsA8JJUEOMW2zeHaNTfXT2HNA6kr
J7FfA8Df7YqlEYUedCwE1vHSNDHE3xZMo+vUKxteX3+n5rERe/WzWnaUtt0CTU/0
JnCEZ7kNUWc=
=Z/hn
-----END PGP SIGNATURE-----

Follow-Ups:

Re: 3DES keys

From: "Uri Blumenthal" <uri@watson.ibm.com>

References:

Re: 3DES keys

From: Hilarie Orman <ho@cs.arizona.edu>

Prev by Date: call for papers
Next by Date: Re: 3DES keys
Prev by thread: Re: 3DES keys
Next by thread: Re: 3DES keys
Index(es):
- Main
- Thread