
Re: Weak keys



> >So what I get from all this is:
> >1. Handle the specified list of DES keys (and no others) in phase 1 as 
> >stated, i.e., skip bits.
> >2. Handle all other weak keys in all other cases by rekeying.
> 
> There was an interesting comment about weak keys some time ago.  Either
> from Sommerville or McDonald to something like:
> 
> Weak keys are so rare that the code for them might never be exercised in
> testing and might be flawed.

I didn't say it, but that makes a LOT of sense.

> ERGO a developer might choose a strategy that keeps the weak key code as
> simple as possible.

My code rejects weak keys at the time you attempt to add them to the kernel's
SADB.  Any program that handles the adding of keys needs to check for
errors anyway, so weak keys become just one more error case.

Dan
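
An added example, not part of the original message and not the poster's code: a C sketch of rejecting weak DES keys at the point a key is added, so the weak-key case surfaces as an ordinary error return. `struct sa_entry` and `sadb_add_des_key` are hypothetical names, and the table is assumed to be the commonly published set of 4 weak and 12 semi-weak keys, which may differ from the list the thread refers to.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define DES_KEY_LEN 8

/* Assumption: the commonly published 4 weak + 12 semi-weak DES keys (odd parity). */
static const uint8_t weak_keys[16][DES_KEY_LEN] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
    {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
    {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
    {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
    {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
    {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};

/* Hypothetical stand-in for an SADB entry, not a real kernel structure. */
struct sa_entry { uint8_t des_key[DES_KEY_LEN]; int in_use; };

/* DES ignores the parity bits, so normalize to odd parity before comparing. */
static void set_odd_parity(uint8_t k[DES_KEY_LEN]) {
    for (int i = 0; i < DES_KEY_LEN; i++) {
        uint8_t p = k[i] & 0xFE;
        p ^= p >> 4; p ^= p >> 2; p ^= p >> 1;   /* bit 0 = parity of the top 7 bits */
        k[i] = (uint8_t)((k[i] & 0xFE) | ((p & 1) ^ 1));
    }
}

/* Returns 1 if the key, with parity bits disregarded, is in the table; else 0. */
int des_key_is_weak(const uint8_t key[DES_KEY_LEN]) {
    uint8_t k[DES_KEY_LEN];
    int hit = 0;
    memcpy(k, key, DES_KEY_LEN);
    set_odd_parity(k);
    for (size_t i = 0; i < 16; i++)
        hit |= (memcmp(k, weak_keys[i], DES_KEY_LEN) == 0);
    return hit;
}

/* Hypothetical add path: a weak key is one more error the caller must handle. */
int sadb_add_des_key(struct sa_entry *sa, const uint8_t key[DES_KEY_LEN]) {
    if (sa == NULL || key == NULL) return -EINVAL;
    if (des_key_is_weak(key)) return -EINVAL;   /* entry is left untouched */
    memcpy(sa->des_key, key, DES_KEY_LEN);
    sa->in_use = 1;
    return 0;
}
```

Because the table is fixed and small, every entry, including parity-flipped variants, can be fed through the add path in a unit test, which exercises the code that random keys would rarely reach.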

