Re: IKE entropy issues with long keys

[Wes Hardaker <wes@hardakers.net>]

>>>>> On Tue, 6 Feb 2001 14:38:39 +0200 (IST), Hugo Krawczyk
>>>>> <hugo@ee.technion.ac.il> said:

(first off, sorry for the delay...  I've been swamped)

>> I wasn't suggesting the problem be solved (since its too late).  It
>> should, IMHO, be at least mentioned in the documents even if the
>> problem itself is ignored and not solved.

Hugo> There is no problem to solve.

Poor choice of words on my part, sorry.  "problem" was not a good
choice.  My goal was not change anything, only to add a "footnote"
mentioning that key entropy does depend on the choice of hashing
algorithms, since its not mentioned to date.

Hugo> If you want to use Blowfish with 448-bit key (as in your
Hugo> example) and you feel that your current hash function is not
Hugo> strong enough then upgrade the prf: for example, use Blowfish
Hugo> with 448-bit in CBC-MAC mode as your prf.

Exactly, it's not a "problem".  But no where in the documents is the
reader informed about choosing prf algorithms aside from the strengths
of the hashing algorithms themselves.

It's a minor point, as you've stated repeatedly, so feel free to drop
it if you so choose.
-- 
Wes Hardaker
NAI Labs
Network Associates

---

References:

• Re: IKE entropy issues with long keys
• From: Hugo Krawczyk <hugo@ee.technion.ac.il>

---

• Prev by Date: Re: Password in IKE
• Next by Date: RFC2401 question about mismatched SPDs
• Prev by thread: Re: IKE entropy issues with long keys
• Next by thread: Re: IKE entropy issues with long keys
• Index(es):
  • Main
  • Thread