[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKE entropy issues with long keys
>>>>> On Tue, 6 Feb 2001 14:38:39 +0200 (IST), Hugo Krawczyk
>>>>> <hugo@ee.technion.ac.il> said:
(first off, sorry for the delay... I've been swamped)
>> I wasn't suggesting the problem be solved (since its too late). It
>> should, IMHO, be at least mentioned in the documents even if the
>> problem itself is ignored and not solved.
Hugo> There is no problem to solve.
Poor choice of words on my part, sorry. "problem" was not a good
choice. My goal was not change anything, only to add a "footnote"
mentioning that key entropy does depend on the choice of hashing
algorithms, since its not mentioned to date.
Hugo> If you want to use Blowfish with 448-bit key (as in your
Hugo> example) and you feel that your current hash function is not
Hugo> strong enough then upgrade the prf: for example, use Blowfish
Hugo> with 448-bit in CBC-MAC mode as your prf.
Exactly, it's not a "problem". But no where in the documents is the
reader informed about choosing prf algorithms aside from the strengths
of the hashing algorithms themselves.
It's a minor point, as you've stated repeatedly, so feel free to drop
it if you so choose.
--
Wes Hardaker
NAI Labs
Network Associates
References: