Safety of pre-shared keys? (Re: Reliable delete notifies)

[Ari Huttunen <Ari.Huttunen@F-Secure.com>]

Henry Spencer wrote:
> 
> On Mon, 9 Oct 2000, Jan Vilhuber wrote:
> > With pure public keys, you need TWO of them. Granted, I can provision every
> > box with the same private key, which would make it equivalent to the above
> > group-pre-shared key scenarion. But in reality you need two public keys,
> > where before you had a single pre-shared key.
> 
> Consider them two halves of the same shared secret.  There's no fundamental
> difference...

Incorrect. With a pre-shared key you have one key that is secret. With public
keys, you have two keys, one of which is public, one is secret. I'm quite
sure everyone on this list knows this much..

Now, if you have that public key, you CAN give it to some mechanical calculator
for cracking. Eventually that machine will produce a result, and if it's based
on quantum computing you might actually get a result before the Big Crash (if any).

Out of curiosity, what would one need to fool authentication based on
pre-shared keys, assuming only knowledge of things-on-the-wire? Would the
method learn the value of the pre-shared key or something else? (Would it
be safe against quantum computers?)

Ari

-- 
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security

---

References:

• Re: Reliable delete notifies
• From: Henry Spencer <henry@spsystems.net>

---

• Prev by Date: Re: charter question re IKE changes
• Next by Date: RE: NAT and IPsec
• Prev by thread: Re: ike and secure DNS
• Next by thread: RE: Safety of pre-shared keys? (Re: Reliable delete notifies)
• Index(es):
  • Main
  • Thread