Weak keys

[Paul Koning <pkoning@xedia.com>]

If I understand it correctly, the current IKE spec says that the keys
for each of the transforms are taken from the start of the keying
material, except for DES where you skip bytes until what you find
isn't one of the weak or semi-weak keys listed.

This doesn't seem to be complete, because it doesn't take into account 
the weak keys of other cryptosystems (such as 3DES, IDEA, and
Blowfish). 

It also doesn't sound like it will interoperate if new weak keys are
discovered and one side is updated to recognize those weak keys (since 
the two sides will extract different substrings from the keying
material).  After all, the listing of weak keys is subject to growth
as more is learned about the systems in question.

One possible interpretation:
1. the key extraction rules are exactly as specified and stay that way 
forever.
2. any other weak keys are handled by rekeying immediately.

Is that the intent?  If not, how are weak keys handled?

	paul

-- 
!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! Xedia Corporation, 119 Russell Street, Littleton, MA 01460, USA
! phone: +1 978 952 6000 ext 115, fax: +1 978 952 6090
! email: pkoning@xedia.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over 
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859

---

Follow-Ups:

• Re: Weak keys
• From: "Derrell D. Piper" <ddp@network-alchemy.com>

---

• Prev by Date: Re: Last Call for IPSEC
• Next by Date: RE: Radius authentication and client configuration
• Prev by thread: Re: Hop Limit in Inner Header (IPv6)
• Next by thread: Re: Weak keys
• Index(es):
  • Main
  • Thread