[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pre-shared key v RSA encryption or RSA signature authentication modes

To: Derek Atkins <warlord@mit.edu>
Subject: Re: pre-shared key v RSA encryption or RSA signature authentication modes
From: David Jablon <dpj@theworld.com>
Date: Thu, 21 Mar 2002 13:37:03 -0500
Cc: Uri Blumenthal <uri@lucent.com>, "Prof. Ahmed A. A. Adas" <alaadas@kaau.edu.sa>, cdemar@ebsdr.com, ipsec@lists.tislabs.com
In-Reply-To: <sjmn0x125zz.fsf@kikki.mit.edu>
References: <5.1.0.14.0.20020321120852.00aee680@pop.theworld.com><3C9A0555.F8F7354A@lucent.com><TFSFRNDS@ebsdr.com><000701c1d0d9$cf43eb20$4969fea9@amanda2><3C9A0555.F8F7354A@lucent.com><5.1.0.14.0.20020321120852.00aee680@pop.theworld.com>
Sender: owner-ipsec@lists.tislabs.com

If what you say is true, then the current shared-secret protocol for
IKE seems like a very bad mismatch for applications that require
use of shared-secret passwords or other man-handled keying material.

-- David

At 12:19 PM 3/21/2002 -0500, Derek Atkins wrote:
>Yes, the low entropy of shared secrets is due to the fact
>that most of them are derived from short or weak passwords.
>If you have a 128-256 bit random key for a shared secret, you
>have the problem of transmitting that secret confidentially
>between the hosts.  If you use RSA, then all you need is
>integrity across the distribution channel.
>
>-derek
>
>David Jablon <dpj@theworld.com> writes:
>
> > Derek,
> >
> > Is the limited entropy of the shared secret due to the fact that
> > it is simply a hash of a password?  If so, then perhaps the current
> > simplistic shared-secret key protocol is not such a good fit for these
> > common shared-secret password applications.
> >
> > -- David
> >
> > At 11:39 AM 3/21/2002 -0500, Derek Atkins wrote:
> > >The fact that most users wont have a shared secret with 256 bits of
> > >entropy?  I suspect that most shared secrets are probably in the 64-80
> > >bits of entropy at the highest, and probably much lower than that.
> >
> >
>
>--
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available

References:
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: David Jablon <dpj@theworld.com>
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: Uri Blumenthal <uri@lucent.com>
- pre-shared key v RSA encryption or RSA signature authentication modes
  - From: cdemar@ebsdr.com
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: "Prof. Ahmed A. A. Adas" <alaadas@kaau.edu.sa>
- Re: pre-shared key v RSA encryption or RSA signature authentication modes
  - From: Derek Atkins <warlord@mit.edu>

Prev by Date: Re: pre-shared key v RSA encryption or RSA signature authentication modes
Next by Date: Re: QoS considerations
Prev by thread: Re: pre-shared key v RSA encryption or RSA signature authentication modes
Next by thread: Re: pre-shared key v RSA encryption or RSA signature authentication modes
Index(es):
- Date
- Thread