[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: representation of IKE DH shared secret

To: "Hilarie Orman" <HORMAN@novell.com>
Subject: Re: representation of IKE DH shared secret
From: Shawn Mamros <smamros@nortelnetworks.com>
Date: Wed, 21 Apr 1999 17:36:18 -0400
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

>In the spirit of "less is more", I wonder what interest is served
>by specifying the representation of internal values?  You can
>represent g^xy as a decimal string if it is convenient for your
>hardware.

Under "normal" circumstances, you're right, it wouldn't matter
how g^xy is represented internally.  The problem is that g^xy
is used as input to the HMAC function that generates the key
material.  If both sides don't use the same set of octets in
the same order as input to the hash function, they won't generate
the same keys.

-Shawn Mamros
E-mail to: smamros@nortelnetworks.com

Prev by Date: Re: representation of IKE DH shared secret
Next by Date: Re: representation of IKE DH shared secret
Prev by thread: Re: representation of IKE DH shared secret
Next by thread: Re: representation of IKE DH shared secret
Index(es):
- Main
- Thread