[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: deriving keying material from the shared secret
pau@watson.ibm.com says:
> Yes, this is a good idea. I don't know, however, if we should specify
> a generic algorithm for all crypto algorithms; or each crypto
> (e.g., DES, HAMC-MD5, etc.) should specify its own transformation
> to transfer a n-bit keying material to a m-bit key ? Where n could be
> either greater than, equal to, or less than m.
I would prefer for each transform to have its own algorithm for
deriving keys from keying material.
[Of course, it would be nice, especially for those mildly paranoid
like me (:-) to ensure that there is reliable "one-way valve" between
the keying material and the derived keys, so that a weaker transform
did not compromise stronger keys.]
--
Regards,
Uri uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>
References: