
Re: allocation of key material into keys



> As has been discussed, this is a key management layer issue. I'd modify your
> statement to include that somehow, the "blobs" handed to different
> transforms or algorithms must be 'independent' (i.e. it's cryptographically
> hard to derive one key from another). They can still be generated from the
> same key exchange, as long as the key manager runs an intermediate step to
> obscure the source keying material.

Agreed.  Each SA/SPI instantiated by the key mgmt protocol needs to
get a different, independent, blob of entropy.

					- Bill
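
An added example, not part of the original message or of any key management protocol named in the thread: one way to realize the "intermediate step" is an HKDF (RFC 5869) extract-and-expand over the key exchange output, with the SPI and transform name bound into the label. The label layout, the `sa_blob` helper and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Concentrate the raw key-exchange output into a fixed-size PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand the PRK into `length` bytes bound to the context `info`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("invalid HKDF output length")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def sa_blob(prk: bytes, spi: int, transform: str, length: int) -> bytes:
    """Per-SA blob; the label (hypothetical layout) binds SPI, transform, length."""
    if not 0 <= spi <= 0xFFFFFFFF:
        raise ValueError("SPI must fit in 32 bits")
    info = (b"sa-blob|" + spi.to_bytes(4, "big") + b"|"
            + transform.encode() + b"|" + length.to_bytes(2, "big"))
    return hkdf_expand(prk, info, length)


# Constructed sample values, not real keying material.
SHARED_SECRET = bytes(range(32))      # stands in for the key-exchange output
SALT = b"constructed-nonce-pair"      # stands in for the exchanged nonces
PRK = hkdf_extract(SALT, SHARED_SECRET)

if __name__ == "__main__":
    for spi, transform, n in [(0x1001, "esp-encr", 32),
                              (0x1001, "esp-auth", 20),
                              (0x1002, "esp-encr", 32)]:
        print(f"{spi:#x} {transform:9s} {sa_blob(PRK, spi, transform, n).hex()}")
```

Recovering one blob from another would require inverting HMAC under the unknown PRK, and the raw key exchange output itself is never handed to a transform.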


