[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: pre-shared key v RSA encryption or RSA signature authentication modes
I don't think the protocol itself has the limitation on the length of
preshare key. so the answer shouldn't be RSA-sig is stronger, but preshare
key could allow users to use weaker entropy.
Michael
> -----Original Message-----
> From: Derek Atkins [mailto:warlord@mit.edu]
> Sent: Thursday, March 21, 2002 8:40 AM
> To: Uri Blumenthal
> Cc: Prof. Ahmed A. A. Adas; cdemar@ebsdr.com; ipsec@lists.tislabs.com
> Subject: Re: pre-shared key v RSA encryption or RSA signature
> authentication modes
>
>
> The fact that most users wont have a shared secret with 256 bits of
> entropy? I suspect that most shared secrets are probably in the 64-80
> bits of entropy at the highest, and probably much lower than that.
>
> Based on the lack of entropy in shared secrets, I believe RSA sigs
> to be much stronger due to the better entropy in the key.
>
> -derek
>
> Uri Blumenthal <uri@lucent.com> writes:
>
> > "Prof. Ahmed A. A. Adas" wrote:
> > > As a researcher in cryptosystems and protocols, I would
> say that RSA-sig IKE
> > > is much more powerful unless someone is using quantum
> computing attacks,
> > > which are not feasible in the near future.
> >
> > It is comparing apples with oranges. The conclusion appears
> > incorrect,
> > and way too generalizing [without due justification].
> >
> > Please explain - based on what is, say 2048-bit RSA-sig
> stronger than,
> > say 256-bit key-based AES-XCBC-MAC signature? What is your criteria?
> > What attacks are you considering? What is your model?
> > --
> > Regards,
> > Uri
> > -=-=-=<>=-=-
> > <Disclaimer>
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
>