
Re: On shared keys



On Thu, 29 Nov 2001, Arne Ansper wrote:
> > In essence, you take the pre-shared secret, create a PRNG out of
> > the secret using a hash function, and then use a determining
> > RSA keypair generator to create the keypair.  Both communicating
> > hosts use the same pre-shared secret, and thus end up with the
> > same RSA keypair.
> 
> in order to end up with the same RSA key on both sides you must
> standardize both PRNG and RSA keypair generator. and if one of the
> implementations improves its primality checks then you might have
> interoperability problems.

Again, I'm not a cryptographer.  Still, I've had the impression
that primality checking is not the problem here: even probabilistic
algorithms have such an astronomically small chance of mistaking
a composite for a prime that I wouldn't worry about it.

I think the bigger problem is the criteria for what kind of
primes to generate -- the sizes of the primes, and whether
primes of some special form are to be used.  Once these criteria
are set in the algorithm, they cannot be changed without breaking
interoperability.

The other big issue would be the quality of the PRNG.  How good
does it have to be for this application?

Still, I think it would be possible to agree on these two issues,
and end up with a workable solution.

-Sami
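
The scheme discussed in this thread, as an added sketch that is not code from either poster: both hosts seed a hash-based PRNG from the shared secret and run the same prime search, so they arrive at the same RSA key. The hash-counter PRNG, the fixed Miller-Rabin bases, the public exponent and the candidate criteria (top two bits set, optional safe-prime form) are all assumptions chosen for this example; changing any of them changes the resulting key.

```python
import hashlib
from math import gcd

E = 65537                                              # assumed public exponent
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # fixed Miller-Rabin bases

def byte_stream(secret: bytes):
    """Hash-counter PRNG: SHA-256(secret || counter). Assumed construction."""
    counter = 0
    while True:
        yield from hashlib.sha256(secret + counter.to_bytes(8, "big")).digest()
        counter += 1

def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in BASES:                    # trial division by the small bases
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in BASES:                    # Miller-Rabin rounds, no randomness used
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(stream, bits: int, safe: bool) -> int:
    """Draw candidates from the stream until one meets the agreed criteria."""
    while True:
        p = int.from_bytes(bytes(next(stream) for _ in range(bits // 8)), "big")
        p |= (3 << (bits - 2)) | 1     # fixed size: top two bits set, odd
        if gcd(p - 1, E) != 1 or not is_probable_prime(p):
            continue
        if safe and not is_probable_prime((p - 1) // 2):
            continue                   # special form: p = 2p' + 1
        return p

def keypair(secret: bytes, modulus_bits: int = 512, safe: bool = False):
    """Return (n, e, d, p, q); same secret and criteria give the same tuple."""
    stream = byte_stream(secret)
    p = next_prime(stream, modulus_bits // 2, safe)
    q = next_prime(stream, modulus_bits // 2, safe)
    while q == p:
        q = next_prime(stream, modulus_bits // 2, safe)
    return p * q, E, pow(E, -1, (p - 1) * (q - 1)), p, q
```

Calling `keypair` twice with the same secret returns identical tuples, while flipping `safe` or `modulus_bits` on one side yields a key the other side cannot reproduce. The private key is only as strong as the shared secret, since anyone who knows the secret can regenerate it.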


