RE: Length of pre-shared key

[andrew.krywaniuk@alcatel.com]

    (1) append zeros to the end of K to create a B byte string
        (e.g., if K is of length 20 bytes and B=64, then K will be
         appended with 44 zero bytes 0x00)

It's not a very fancy stretching technique, and admittedly unrelated to the
length of the hash output (I meant to say block size).

Sorry about using the word password instead of key. It's just that I speak
binary. :-)

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.



> -----Original Message-----
> From: David Jablon [mailto:dpj@world.std.com]
> Sent: Monday, February 25, 2002 9:49 PM
> To: andrew.krywaniuk@alcatel.com
> Cc: juha.ollila@nokia.com; ipsec@lists.tislabs.com
> Subject: RE: Length of pre-shared key
>
>
> I don't see anywhere that RFC 2104 says anything about "stretch"ing
> a short input key into a longer one.  What it does is to hash
> (squeeze?)
> a key that's longer than 64 bytes into a hash block.
>
> Also, one should not confuse a password with a key in this context.
>
> At 02:17 PM 2/25/02 -0500, Andrew Krywaniuk wrote:
> >I don't think there is a specific limit. After all, HMAC
> tells you how to
> >stretch the input if it is less that the size of the hash
> output. But use
> >your common sense: the shorter the input, the easier it will be for a
> >cracking program to guess it. Also, it's the entropy in the
> password, not
> >the length, that matters.
>
>
>