[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: allocation of key material into keys
[Mail from the ipsec list seems to arrive here substantially reordered,
so please ignore this if it's already been covered.]
Bill Sommerfeld writes:
> Here's a rephrase which I think is more precise. Let me know if this
> is not what you intended..
>
> I'd like to propose that the key management protocol
> specifications only be responsible for generating a "blob" of
> key material at least N bits long containing at least K bits of
> entropy. For obvious reasons, K <= N.
[...]
At the risk of stating the obvious, the K bits of entropy should
presumably be ~ evenly distributed among the N bits of VPIblob, i.e.
padding K bits from a physical random source with 0s to reach N bits
would be unacceptable. Otherwise a transform might grab a hunk of
padding and use it as key material....
-Lewis <mailto:lmccarth@cs.umass.edu>
References: