
RE: pre-shared key v RSA encryption or RSA signature authentication modes



All, 

Thanks for the answers ... Uri is actually right that I'm searching for a 
comparison between RSA-enc and pre-shared key in the scope of IKE 
authentication. I'm not trying to compare asymm v symm algorithms.
The fact is that IKE-phase1 exchanges compile different material whether we 
are doing pre-shared-key or RSA-enc. The first exchanges of IKE main mode are 
also different whether we use preshared-key or RSA-enc. This generated 
material (SKEYID), SKEYID_d, SKEYID_e, SKEYID_a are different and used 
differently whether we use RSA-enc or preshared-key. The question is: Is the 
authentication in IKE MainMode stronger when using RSA-enc than when using 
preshared-key?
And I don't think this has anything to do with the strength of RSA-enc v symmetric 
algo ...
Any pointers are welcome,
Many thanks,

Claudine

 -----Original Message-----
From: 	uri@lucent.com [mailto:uri@lucent.com] 
Sent:	Thursday, March 21, 2002 5:09 PM
To:	warlord@mit.edu
Cc:	alaadas@kaau.edu.sa; Demar, Claudine; ipsec@lists.tislabs.com
Subject:	Re: pre-shared key v RSA encryption or RSA signature authentication  
 modes

Derek Atkins wrote:
> The fact that most users won't have a shared secret
> with 256 bits of entropy? A good point. However:

> I suspect that most shared secrets are probably in the 64-80
> bits of entropy at the highest, and probably much lower than
> that.

A good point, certainly. But I don't see all that much in
common between, say, Unix passwords and IPsec pre-shared
keys.

IPsec implementations I'm aware of don't take an ASCII
password, but require a reasonably long key.

Plus, a few years ago I saw a strength comparison table,
that listed relative strength of PK and symmetric key length.
Can you help me find that one? It compares symmetric,
RSA, EC, and [if memory serves me] DSA-El-Gamal.
For example, my shared secrets are 128-bit long. Granted,
not 256 bits, but still stronger than a typical RSA sig
of 1024 bits (according to that table as I remember)...

> Based on the lack of entropy in shared secrets, I believe RSA sigs
> to be much stronger due to the better entropy in the key.

Again, this sounds misleading. It's not "shared secrets" that lack
entropy. It's a certain type of shared secrets - derived from [more or
less short] passwords, that lacks entropy. Not enough justification to
"condemn" the whole symmetric key approach, especially since the
original question was about IPsec authentication (as I read it).
--
Regards,
Uri
-=-=-=<>=-=-
<Disclaimer>
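
Added example, not part of any message in this thread: a Python sketch of the RFC 2409 phase 1 derivations the first message refers to, showing how SKEYID is computed for each authentication method and how SKEYID_d, SKEYID_a and SKEYID_e follow from it. HMAC-SHA1 as the prf, the function names and every sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: no prf was negotiated, so IKE uses HMAC of the negotiated hash (SHA-1 here).
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    # Pre-shared key: SKEYID = prf(pre-shared-key, Ni_b | Nr_b).
    # Main mode sends Ni and Nr unencrypted, so the only secret input is the key.
    return prf(psk, ni + nr)

def skeyid_rsa_enc(ni: bytes, nr: bytes, cky_i: bytes, cky_r: bytes) -> bytes:
    # Public key encryption: SKEYID = prf(hash(Ni_b | Nr_b), CKY-I | CKY-R).
    # The cookies are public; the nonces travel encrypted to the peer's RSA key,
    # so the secret input is the nonce pair.
    return prf(hashlib.sha1(ni + nr).digest(), cky_i + cky_r)

def skeyid_rsa_sig(ni: bytes, nr: bytes, g_xy: bytes) -> bytes:
    # Signatures: SKEYID = prf(Ni_b | Nr_b, g^xy).
    return prf(ni + nr, g_xy)

def derive(skeyid: bytes, g_xy: bytes, cky_i: bytes, cky_r: bytes) -> dict:
    # Identical for every method: each key chains on the previous one and g^xy.
    tail = g_xy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    e = prf(skeyid, a + tail + b"\x02")
    return {"SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

# Constructed sample values (not from a real exchange).
NI, NR = bytes(range(16)), bytes(range(16, 32))
CKY_I, CKY_R = b"I" * 8, b"R" * 8
G_XY = hashlib.sha256(b"constructed g^xy").digest() * 4
PSK = bytes.fromhex("00112233445566778899aabbccddeeff")  # 128-bit key

def sample() -> dict:
    roots = {
        "psk": skeyid_psk(PSK, NI, NR),
        "rsa_enc": skeyid_rsa_enc(NI, NR, CKY_I, CKY_R),
        "rsa_sig": skeyid_rsa_sig(NI, NR, G_XY),
    }
    return {m: dict(SKEYID=r, **derive(r, G_XY, CKY_I, CKY_R)) for m, r in roots.items()}

if __name__ == "__main__":
    for method, keys in sample().items():
        print(method, {name: value.hex()[:16] for name, value in keys.items()})
```

The three methods differ only in which inputs to SKEYID are secret; the SKEYID_d/_a/_e chain and its dependence on g^xy are the same in all of them.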