Re: allocation of key material into keys

[Lewis McCarthy <lmccarth@cs.umass.edu>]

[Mail from the ipsec list seems to arrive here substantially reordered, 
so please ignore this if it's already been covered.]

Bill Sommerfeld writes:
> Here's a rephrase which I think is more precise.  Let me know if this
> is not what you intended..
> 
>     I'd like to propose that the key management protocol
>     specifications only be responsible for generating a "blob" of
>     key material at least N bits long containing at least K bits of
>     entropy.  For obvious reasons, K <= N.
[...]

At the risk of stating the obvious, the K bits of entropy should
presumably be ~ evenly distributed among the N bits of VPIblob, i.e.
padding K bits from a physical random source with 0s to reach N bits
would be unacceptable. Otherwise a transform might grab a hunk of
padding and use it as key material....

-Lewis	<mailto:lmccarth@cs.umass.edu>

---

References:

• Re: allocation of key material into keys
• From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

---

• Prev by Date: Re: allocation of key material into keys
• Next by Date: proposed IPSEC changes/extensions
• Prev by thread: Re: allocation of key material into keys
• Next by thread: Re: allocation of key material into keys
• Index(es):
  • Main
  • Thread