[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Generating 3DES keys from SKEYID_e

To: "Sandy Harris" <sandy@storm.ca>, <ipsec@lists.tislabs.com>
Subject: Re: Generating 3DES keys from SKEYID_e
From: "Stephane Beaulieu" <stephane@cisco.com>
Date: Sat, 15 Jul 2000 13:53:44 -0400
References: <B067F3F71A6CD3118395009027AA616032B6AE@ca-exchange2.nai.com> <14703.36745.942949.456705@xedia.com> <396FC665.6890C2C2@storm.ca>
Sender: owner-ipsec@lists.tislabs.com


>
> Another alternative would be to use Tiger as the hash. That is a
> SHOULD in RFC 2409 and gives a 192-bit hash.
> http://www.cs.technion.ac.il/~biham/Reports/Tiger/
>
>

That's a good work-around solution for the short term, and requires no
modifications to IKE.

If IKE ever gets rev'ed however, I'd like to see g^xy (or some other large
secret value) be included in the prf feedback mechanism used to expand
SKEYID_e.

Stephane.

References:

RE: Generating 3DES keys from SKEYID_e

From: "Glawitsch, Gregor" <Gregor_Glawitsch@nai.com>

RE: Generating 3DES keys from SKEYID_e

From: Paul Koning <pkoning@xedia.com>

Re: Generating 3DES keys from SKEYID_e

From: Sandy Harris <sandy@storm.ca>

Prev by Date: Re: Generating 3DES keys from SKEYID_e
Next by Date: Re: Generating 3DES keys from SKEYID_e
Prev by thread: Re: Generating 3DES keys from SKEYID_e
Next by thread: Re: Generating 3DES keys from SKEYID_e
Index(es):
- Main
- Thread