[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: representation of IKE DH shared secret
(oops, last one got away from me too soon).
> > [This doesn't actually say "padded up to be an integral number of
> > octets", but I assume that this is meant. Should it be stated?]
Yes.
MD5, (and, by extension, HMAC-MD5) counts bits rather than bytes
(though, perhaps fortunately, the published C API to MD5 doesn't let
you feed a non-integral number of octets through it), so it's
*conceivable* that someone could interpret the spec to indicate an
unpadded shared secret.
- Bill