
RE: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)



>     >> Can they tell the difference? The length is a bit longer.
>
>     Paul> A LOT longer.  Long enough that -- unlike preshared keys -- you
>     Paul> cannot enter them manually.
>
>   Not compared to a decent shared secret.

We're talking factor of 10 here. Let's say someone impersonates the
responder and gets an HMAC keyed with your password. How many bits of
entropy do you need to feel secure? 80? 90? Remember that we normally
truncate HMACs at 96 bits anyway. Passwords don't need 20 year effective
security. For good token-based auth where the password is time-based, I
would feel secure with 20 bits of entropy. That's a factor of 50 compared to
a public key. 20-40 bits is very easy to type in, and I do it every day.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Michael Richardson
> Sent: Thursday, June 20, 2002 3:20 PM
> To: Paul Koning
> Cc: ipsec@lists.tislabs.com
> Subject: Re: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> >>>>> "Paul" == Paul Koning <pkoning@equallogic.com> writes:
>     >> They migrate from distributing opaque blobs of hex digits that must be
>     >> kept private to distributing opaque blobs of base64 digits that do not
>     >> benefit from staying private, but it doesn't hurt them either.
>     >>
>     >> Can they tell the difference? The length is a bit longer.
>
>     Paul> A LOT longer.  Long enough that -- unlike preshared keys -- you
>     Paul> cannot enter them manually.
>
>   Not compared to a decent shared secret. If you want to do passwords, fine.
> However, since they do not need to be kept secret, you can cut and paste.
> For the client system, typing stuff in is not the end of the world. Here is
> a 1024 bit public key:
>
>
> AwEAAZ7PeJWDMO69GjPbXWaN0UnHnNj3lANETIAtluJbpLfVeVpRubsYTru4kYxU
>
> K999Ga/23/Aw7mZrI+wQ3uhF36Tuxw76ls3FsgJuWxqdzLxlZxM8r/lXNGUftLPk
>         fxbTwXgsfKcqhJCfraPLFH0QhCRVN56EW3Y91YCIMMyRAHbR
>
> I wouldn't want to do that every day, but it is doable. Babble format
> would do an even better job.
>
>     Paul> True.  But PK, even if all you ever use is selfsigned certs, still
>     Paul> needs a lot more near-incomprehensible concepts than preshared keys
>     Paul> do.
>
> Only if you write a poor interface.
>
> ]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> ] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
>
>
>
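
The trade-off argued in this thread, as an added example that is not from either poster: how many characters a secret of a given entropy takes to type, and what a single captured HMAC costs to search offline. The tag construction (HMAC-SHA1 over a nonce, truncated to 96 bits), the guess rate and all sample values are assumptions; it is a simplified model, not the IKE computation.

```python
import hashlib
import hmac
import math

def typed_chars(bits: int, alphabet_size: int) -> int:
    """Characters needed to carry `bits` of entropy in the given alphabet."""
    return math.ceil(bits / math.log2(alphabet_size))

def mean_search_seconds(bits: int, guesses_per_second: float) -> float:
    """Expected offline search time: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second

def tag(secret: int, nonce: bytes) -> bytes:
    """HMAC-SHA1 keyed with the secret, truncated to 96 bits (assumed model)."""
    key = secret.to_bytes(8, "big")
    return hmac.new(key, nonce, hashlib.sha1).digest()[:12]

def offline_search(captured: bytes, nonce: bytes, bits: int) -> list:
    """Try every secret of `bits` bits against one captured tag."""
    return [s for s in range(2 ** bits)
            if hmac.compare_digest(tag(s, nonce), captured)]

if __name__ == "__main__":
    RATE = 1e6  # assumed guesses per second, for illustration only
    for bits in (20, 40, 80, 96):
        print(f"{bits:>3} bits: {typed_chars(bits, 10):>2} digits, "
              f"{typed_chars(bits, 16):>2} hex, {typed_chars(bits, 64):>2} base64, "
              f"mean offline search {mean_search_seconds(bits, RATE):.3g} s")
    print(f"1024-bit value: {typed_chars(1024, 64)} base64 characters")
    nonce = b"constructed-nonce"    # constructed sample input
    captured = tag(0xBEEF5, nonce)  # constructed 20-bit secret
    print("recovered:", [hex(s) for s in offline_search(captured, nonce, 20)])
```

Compare the printed search time with how long the secret stays valid: a time-based code only helps whoever captured the tag if the search finishes inside that window.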