[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pre-shared key v RSA encryption or RSA signature authentication modes
If what you say is true, then the current shared-secret protocol for
IKE seems like a very bad mismatch for applications that require
use of shared-secret passwords or other man-handled keying material.
-- David
At 12:19 PM 3/21/2002 -0500, Derek Atkins wrote:
>Yes, the low entropy of shared secrets is due to the fact
>that most of them are derived from short or weak passwords.
>If you have a 128-256 bit random key for a shared secret, you
>have the problem of transmitting that secret confidentially
>between the hosts. If you use RSA, then all you need is
>integrity across the distribution channel.
>
>-derek
>
>David Jablon <dpj@theworld.com> writes:
>
> > Derek,
> >
> > Is the limited entropy of the shared secret due to the fact that
> > it is simply a hash of a password? If so, then perhaps the current
> > simplistic shared-secret key protocol is not such a good fit for these
> > common shared-secret password applications.
> >
> > -- David
> >
> > At 11:39 AM 3/21/2002 -0500, Derek Atkins wrote:
> > >The fact that most users wont have a shared secret with 256 bits of
> > >entropy? I suspect that most shared secrets are probably in the 64-80
> > >bits of entropy at the highest, and probably much lower than that.
> >
> >
>
>--
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available