[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Length of pre-shared key

To: juha.ollila@nokia.com
Subject: Re: Length of pre-shared key
From: James Tiller <tiller@lucent.com>
Date: Mon, 25 Feb 2002 11:08:27 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <B49318639A71D3418DC1005FD40B36100EB4B9@ouebe005.NOE.Nokia.com>
Organization: Lucent Technolgies
References: <B49318639A71D3418DC1005FD40B36100EB4B9@ouebe005.NOE.Nokia.com>
Reply-To: James Tiller <tiller@lucent.com>
Sender: owner-ipsec@lists.tislabs.com

Juha -

I'm going out on a limb here... but technically there is no limit
since the key is only used locally in the creation of the SKEYID.
The real limit is in the PRF inputs, i.e. SKEYID =
prf(pre-shared-key, Ni_b | Nr_b)

Seeing that the Nonce can be between 8 and 256 bytes, it *could*
be logically surmised that the shared secret would have the same
consideration based on the PRF - but this depends on the process
implemented and supported.

Just my $0.02

-------------
Best regards,
Jim Tiller, CISSP
Global Security Product Manager
Lucent Worldwide Services
--
tiller@lucent.com
10:58 AM - 2/25/2002


Monday, February 25, 2002, 9:41:20 AM, juha wrote:
ollila>         Hello!

ollila> Have IPsec and IKE specifications any requirements about the pre-shared keys? I didn't find the required length of pre-shared key.

ollila> Best Regards,
ollila> Juha Ollila

References:
- Length of pre-shared key
  - From: juha.ollila@nokia.com

Prev by Date: Length of pre-shared key
Next by Date: RE: NAT Traversal
Prev by thread: Length of pre-shared key
Next by thread: Re: Length of pre-shared key
Index(es):
- Date
- Thread