
allocation of key material into keys



Ref:  Your note of Mon, 28 Oct 1996 15:29:06 -0500 (attached)

sommerfeld at apollo.hp.com writes:

 >     I'd like to propose that the key management protocol
 >     specifications only be responsible for generating a "blob" of
 >     key material at least N bits long containing at least K bits of
 >     entropy.  For obvious reasons, K <= N.
 >

The word "entropy" may be confusing.
The important factor is the cryptographic strength of the keys.
Even if a key may have a lot of random bits used for its creation
(like a DH key), its strength depends on the actual algorithms that
we know for attacking that key (and its uses).
For example, in the case of DH keys based on primes of 1024-bit length, the
strength is between 90-100 bits (in the sense that current attacks
on DH or discrete log take on the order of 2^90-2^100 operations).

Hugo


PS: just as a remark, the entropy of a DH key g^xy is 0 given that
the components g^x and g^y are public and uniquely determine g^xy.
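
The distinction drawn in this message, worked through on a toy group as an added example (not part of the original mail): it computes the Shannon entropy of g^xy with and without the public values, then counts the work needed to recover the key from them. The parameters P, G, Q and the function names are constructed for illustration and are far too small for real use.

```python
import math
from collections import Counter, defaultdict

# Constructed toy group: P = 2*Q + 1 is a safe prime, G generates the
# subgroup of prime order Q. Real DH uses primes of 1024 bits or more.
P, G, Q = 467, 4, 233

def shannon(counts):
    """Shannon entropy in bits of the distribution given by a Counter."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def dh_entropies(p=P, g=G, q=Q):
    """Return (H(K), H(K | g^x, g^y)) for uniform secrets x, y in [1, q-1]."""
    key_counts = Counter()
    by_public = defaultdict(Counter)      # (g^x, g^y) -> distribution of g^xy
    for x in range(1, q):
        gx = pow(g, x, p)
        for y in range(1, q):
            gy = pow(g, y, p)
            k = pow(gy, x, p)             # shared key g^xy
            key_counts[k] += 1
            by_public[(gx, gy)][k] += 1
    total = sum(key_counts.values())
    # Conditional entropy: average entropy of K within each public pair.
    h_cond = sum(sum(c.values()) / total * shannon(c)
                 for c in by_public.values())
    return shannon(key_counts), h_cond

def recover_key(gx, gy, p=P, g=G, q=Q):
    """Exhaustive search for x from g^x; returns (g^xy, group operations)."""
    acc = 1
    for steps in range(1, q):
        acc = acc * g % p
        if acc == gx:
            return pow(gy, steps, p), steps
    raise ValueError("gx is not in the subgroup generated by g")

if __name__ == "__main__":
    h_key, h_given_public = dh_entropies()
    print(f"H(K)             = {h_key:.3f} bits")
    print(f"H(K | g^x, g^y)  = {abs(h_given_public):.3f} bits")
    key, ops = recover_key(pow(G, 100, P), pow(G, 57, P))
    print(f"key {key} recovered after {ops} group operations")
```

The conditional entropy is zero at every group size; only the operation count grows with the parameters, and that count is the quantity the message calls strength.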