[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pre-shared key v RSA encryption or RSA signature authentication modes

To: David Jablon <dpj@theworld.com>
Subject: Re: pre-shared key v RSA encryption or RSA signature authentication modes
From: Derek Atkins <warlord@mit.edu>
Date: 21 Mar 2002 12:19:27 -0500
Cc: Uri Blumenthal <uri@lucent.com>, "Prof. Ahmed A. A. Adas" <alaadas@kaau.edu.sa>, cdemar@ebsdr.com, ipsec@lists.tislabs.com
In-Reply-To: <5.1.0.14.0.20020321120852.00aee680@pop.theworld.com>
References: <3C9A0555.F8F7354A@lucent.com> <TFSFRNDS@ebsdr.com><000701c1d0d9$cf43eb20$4969fea9@amanda2><3C9A0555.F8F7354A@lucent.com><5.1.0.14.0.20020321120852.00aee680@pop.theworld.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Yes, the low entropy of shared secrets is due to the fact
that most of them are derived from short or weak passwords.
If you have a 128-256 bit random key for a shared secret, you
have the problem of transmitting that secret confidentially
between the hosts.  If you use RSA, then all you need is
integrity across the distribution channel.

-derek

David Jablon <dpj@theworld.com> writes:

> Derek,
> 
> Is the limited entropy of the shared secret due to the fact that
> it is simply a hash of a password?  If so, then perhaps the current
> simplistic shared-secret key protocol is not such a good fit for these
> common shared-secret password applications.
> 
> -- David
> 
> At 11:39 AM 3/21/2002 -0500, Derek Atkins wrote:
> >The fact that most users wont have a shared secret with 256 bits of
> >entropy?  I suspect that most shared secrets are probably in the 64-80
> >bits of entropy at the highest, and probably much lower than that.
> 
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

Follow-Ups:
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: David Jablon <dpj@theworld.com>

References:
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: Uri Blumenthal <uri@lucent.com>
- pre-shared key v RSA encryption or RSA signature authentication modes
  - From: cdemar@ebsdr.com
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: "Prof. Ahmed A. A. Adas" <alaadas@kaau.edu.sa>
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: David Jablon <dpj@theworld.com>

Prev by Date: RE: pre-shared key v RSA encryption or RSA signature authentication modes
Next by Date: RE: pre-shared key v RSA encryption or RSA signature authentication modes
Prev by thread: Re: pre-shared key v RSA encryption or RSA signature authentication modes
Next by thread: Re: pre-shared key v RSA encryption or RSA signature authentication modes
Index(es):
- Date
- Thread