Re: IKE entropy issues with long keys

[Wes Hardaker <wes@hardakers.net>]

>>>>> On Fri, 2 Feb 2001 17:53:13 -0500, "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com> said:

Andrew> Wes, some of these issues have been discussed recently on this list.

Andrew> See: http://www.vpnc.org/ietf-ipsec/mail-archive/msg01288.html
Andrew> and: http://www.vpnc.org/ietf-ipsec/mail-archive/msg01817.html

Andrew> and the discussions surrounding them.

I wasn't suggesting the problem be solved (since its too late).  It
should, IMHO, be at least mentioned in the documents even if the
problem itself is ignored and not solved.

Also, IMHO, The "2^128 is large enough" response is a silly one.  If
that were true, we wouldn't bother developing new algorithms with
longer key lengths.  The AES requirements required longer key lengths
for a reason.  Currently unknown attacks may reduce the functional key
space of an algorithm to something that is computationally feasible.
-- 
Wes Hardaker
NAI Labs
Network Associates

---

Follow-Ups:

• RE: IKE entropy issues with long keys
• From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
• Re: IKE entropy issues with long keys
• From: Hugo Krawczyk <hugo@ee.technion.ac.il>

References:

• RE: IKE entropy issues with long keys
• From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

---

• Prev by Date: Re: Need help! Regarding aggressive mode of Oakley
• Next by Date: Re: IKE entropy issues with long keys
• Prev by thread: RE: IKE entropy issues with long keys
• Next by thread: RE: IKE entropy issues with long keys
• Index(es):
  • Main
  • Thread