[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: deriving keying material from the shared secret

To: pau@watson.ibm.com
Subject: Re: deriving keying material from the shared secret
From: Uri Blumenthal <uri@watson.ibm.com>
Date: Mon, 1 Jul 1996 13:32:47 -0400 (EDT)
Cc: ipsec@TIS.COM
In-Reply-To: <9607011545.AA21226@secpwr.watson.ibm.com> from "pau@watson.ibm.com" at Jul 1, 96 11:45:26 am
Reply-To: uri@watson.ibm.com
Sender: ipsec-approval@neptune.tis.com

pau@watson.ibm.com says:
> Yes, this is a good idea. I don't know, however, if we should specify
> a generic algorithm for all crypto algorithms; or each crypto
> (e.g., DES, HAMC-MD5, etc.) should specify its own transformation
> to transfer a n-bit keying material to a m-bit key ? Where n could be
> either greater than, equal to, or less than m.

I would prefer for each transform to have its own algorithm for
deriving keys from keying material. 

[Of course, it would be nice, especially for those mildly paranoid 
like me (:-) to ensure that there is reliable "one-way valve" between 
the keying material and the derived keys, so that a weaker transform 
did not compromise stronger keys.]
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>

References:

Re: deriving keying material from the shared secret

From: pau@watson.ibm.com

Prev by Date: Re: deriving keying material from the shared secret
Next by Date: Re: deriving keying material from the shared secret
Prev by thread: Re: deriving keying material from the shared secret
Next by thread: Re: deriving keying material from the shared secret
Index(es):
- Main
- Thread