[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: representation of IKE DH shared secret

To: Dan Harkins <dharkins@network-alchemy.com>
Subject: Re: representation of IKE DH shared secret
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Date: Thu, 22 Apr 1999 18:40:40 -0400
cc: hugh@mimosa.com, ipsec@lists.tislabs.com, Henry Spencer <henry@spsystems.net>, Hugh Daniel <hugh@toad.com>, John Gilmore <gnu@toad.com>, Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>, Sandy Harris <sandy@storm.ca>
In-Reply-To: Message from Dan Harkins <dharkins@network-alchemy.com> of "Wed, 21 Apr 1999 18:53:37 PDT." <199904220153.SAA13986@potassium.network-alchemy.com>
Sender: owner-ipsec@lists.tislabs.com

(oops, last one got away from me too soon).

> > [This doesn't actually say "padded up to be an integral number of
> > octets", but I assume that this is meant.  Should it be stated?]

Yes.

MD5, (and, by extension, HMAC-MD5) counts bits rather than bytes
(though, perhaps fortunately, the published C API to MD5 doesn't let
you feed a non-integral number of octets through it), so it's
*conceivable* that someone could interpret the spec to indicate an
unpadded shared secret.

					- Bill

Prev by Date: Re: representation of IKE DH shared secret
Next by Date: Re: representation of IKE DH shared secret
Prev by thread: Re: representation of IKE DH shared secret
Next by thread: Re: representation of IKE DH shared secret
Index(es):
- Main
- Thread