
RE: Length of pre-shared key



I don't see anywhere that RFC 2104 says anything about "stretch"ing
a short input key into a longer one.  What it does is to hash (squeeze?)
a key that's longer than 64 bytes into a hash block.

Also, one should not confuse a password with a key in this context.

At 02:17 PM 2/25/02 -0500, Andrew Krywaniuk wrote:
>I don't think there is a specific limit. After all, HMAC tells you how to
>stretch the input if it is less than the size of the hash output. But use
>your common sense: the shorter the input, the easier it will be for a
>cracking program to guess it. Also, it's the entropy in the password, not
>the length, that matters.
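
The RFC 2104 key handling discussed in this thread, written out as an added example (not part of the original messages): a key longer than the 64-byte block is hashed, a shorter key is padded on the right with zero bytes. The function names, keys and message are constructed for illustration, and HMAC-SHA1 is an assumed choice of hash.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # B in RFC 2104 for MD5 and SHA-1, in bytes


def normalize_key(key: bytes, hash_name: str = "sha1") -> bytes:
    """Return the B-byte key block that RFC 2104 derives from `key`."""
    if len(key) > BLOCK_SIZE:
        # Keys longer than B are first hashed down to the digest length L.
        key = hashlib.new(hash_name, key).digest()
    # Keys shorter than B are padded on the right with zero bytes.
    return key.ljust(BLOCK_SIZE, b"\x00")


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC computed directly from the RFC 2104 definition."""
    block = normalize_key(key, hash_name)
    ipad = bytes(b ^ 0x36 for b in block)
    opad = bytes(b ^ 0x5C for b in block)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def demo() -> dict:
    msg = b"constructed sample message"
    short_key = b"abc"      # constructed 3-byte key
    long_key = b"k" * 100   # constructed 100-byte key
    hashed_long = hashlib.sha1(long_key).digest()
    return {
        # The hand-written version agrees with the standard library.
        "stdlib_short": hmac_rfc2104(short_key, msg)
        == hmac.new(short_key, msg, "sha1").digest(),
        "stdlib_long": hmac_rfc2104(long_key, msg)
        == hmac.new(long_key, msg, "sha1").digest(),
        # A 100-byte key and its 20-byte SHA-1 digest are the same HMAC key.
        "long_equals_hashed": hmac_rfc2104(long_key, msg)
        == hmac_rfc2104(hashed_long, msg),
        # Zero padding: "abc" and "abc\x00" are the same HMAC key.
        "short_equals_zero_padded": hmac_rfc2104(short_key, msg)
        == hmac_rfc2104(short_key + b"\x00", msg),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
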