RE: pre-shared key v RSA encryption or RSA signature authentication modes
All,
Thanks for the answers ... Uri is actually right that I'm searching for a
comparison between RSA-enc and pre-shared key in the scope of IKE
authentication. I'm not trying to compare asymm v symm algorithms.
The fact is that IKE-phase1 exchanges compile different material whether we
are doing pre-shared-key or RSA-enc. The first exchanges of IKE main mode are
also different whether we use preshared-key or RSA-enc. This generated
material (SKEYID, SKEYID_d, SKEYID_e, SKEYID_a) is different and used
differently whether we use RSA-enc or preshared-key. The question is: Is the
authentication in IKE MainMode stronger when using RSA-enc than when using
preshared-key?
And I don't think this has anything to do with the strength of RSA-enc v
symmetric algo ...
Any pointers are welcome,
Many thanks,
Claudine
-----Original Message-----
From: uri@lucent.com [mailto:uri@lucent.com]
Sent: Thursday, March 21, 2002 5:09 PM
To: warlord@mit.edu
Cc: alaadas@kaau.edu.sa; Demar, Claudine; ipsec@lists.tislabs.com
Subject: Re: pre-shared key v RSA encryption or RSA signature authentication
modes
Derek Atkins wrote:
> The fact that most users won't have a shared secret
> with 256 bits of entropy? A good point. However:
> I suspect that most shared secrets are probably in the 64-80
> bits of entropy at the highest, and probably much lower than
> that.
A good point, certainly. But I don't see all that much in
common between, say, Unix passwords and IPsec pre-shared
keys.
IPsec implementations I'm aware of don't take an ASCII
password, but require a reasonably long key.
Plus, a few years ago I saw a strength comparison table,
that listed relative strength of PK and symmetric key length.
Can you help me find that one? It compares symmetric,
RSA, EC, and [if memory serves me] DSA-El-Gamal.
For example, my shared secrets are 128-bit long. Granted,
not 256 bits, but still stronger than a typical RSA sig
of 1024 bits (according to that table as I remember)...
> Based on the lack of entropy in shared secrets, I believe RSA sigs
> to be much stronger due to the better entropy in the key.
Again, this sounds misleading. It's not "shared secrets" that lack
entropy. It's a certain type of shared secrets - derived from [more or less
short] passwords, that lacks entropy. Not enough justification to "condemn"
the whole symmetric key approach, especially since the original question
was about IPsec authentication (as I read it).
--
Regards,
Uri
-=-=-=<>=-=-
<Disclaimer>
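
Added example, not part of the original messages: the SKEYID derivations the thread refers to, following the formulas in RFC 2409 section 5, for the three authentication methods in the subject line. It shows which input carries the secrecy in each mode. HMAC-SHA1 as the negotiated prf, the function names, and all sample values (constructed) are assumptions.

```python
import hashlib
import hmac

def prf(key, data):
    # Assumption: the negotiated prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_psk(psk, ni, nr):
    # SKEYID = prf(pre-shared-key, Ni_b | Nr_b); the nonces are sent in the
    # clear in Main Mode, so the pre-shared key is the only secret input.
    return prf(psk, ni + nr)

def skeyid_rsa_enc(ni, nr, cky_i, cky_r):
    # SKEYID = prf(hash(Ni_b | Nr_b), CKY-I | CKY-R); the nonces travel
    # encrypted under the peer's public key, so they are the secret input.
    return prf(hashlib.sha1(ni + nr).digest(), cky_i + cky_r)

def skeyid_rsa_sig(ni, nr, g_xy):
    # SKEYID = prf(Ni_b | Nr_b, g^xy); the DH shared secret is the secret input.
    return prf(ni + nr, g_xy)

def derive(skeyid, g_xy, cky_i, cky_r):
    # Identical for every authentication method once SKEYID is fixed.
    ctx = g_xy + cky_i + cky_r
    d = prf(skeyid, ctx + b"\x00")        # keying material for later SAs
    a = prf(skeyid, d + ctx + b"\x01")    # ISAKMP message authentication
    e = prf(skeyid, a + ctx + b"\x02")    # ISAKMP message encryption
    return {"SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

# Constructed sample values, not taken from any real exchange.
PSK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # 128-bit shared secret
NI, NR = b"\xa1" * 16, b"\xb2" * 16                        # nonces
CKY_I, CKY_R = b"\x11" * 8, b"\x22" * 8                    # cookies
G_XY = hashlib.sha256(b"constructed g^xy").digest() * 4    # stand-in DH secret

def all_modes(psk=PSK, ni=NI, nr=NR, g_xy=G_XY):
    roots = {
        "psk": skeyid_psk(psk, ni, nr),
        "rsa-enc": skeyid_rsa_enc(ni, nr, CKY_I, CKY_R),
        "rsa-sig": skeyid_rsa_sig(ni, nr, g_xy),
    }
    return {m: dict(SKEYID=s, **derive(s, g_xy, CKY_I, CKY_R))
            for m, s in roots.items()}

if __name__ == "__main__":
    for mode, keys in all_modes().items():
        print(mode, {k: v.hex()[:16] for k, v in keys.items()})
```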