
Re: IKEv2 use of HMAC-SHA-1 for Key Derivation



The HMAC construction is not necessary for key derivation, but both
methods are wrong if K is large (in size and entropy) and security
requirements dictate that a derived key must have more entropy than
2^(blocksize).  This is a persistently misunderstood issue.

Hilarie
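
One concrete way the size of K stops mattering, shown as an added example that is not part of the original message: HMAC replaces any key longer than the hash block with its digest, so an iterated HMAC-SHA-1 expansion depends on at most a 160-bit value however large K is. The expansion loop is modelled on IKEv2's prf+ as an assumption about the construction under discussion; the key and seed are constructed sample values.

```python
import hashlib
import hmac

BLOCK = hashlib.sha1().block_size    # 64 bytes: HMAC-SHA-1 block size
DIGEST = hashlib.sha1().digest_size  # 20 bytes: 160-bit output


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-1 used as the pseudo-random function."""
    return hmac.new(key, data, hashlib.sha1).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """Iterated expansion: T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n)."""
    if length > 255 * DIGEST:
        raise ValueError("one-octet counter limits output to 255 blocks")
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([counter]))
        out += t
        counter += 1
    return out[:length]


def effective_key(key: bytes) -> bytes:
    """The value HMAC actually keys with: long keys are hashed down first."""
    return hashlib.sha1(key).digest() if len(key) > BLOCK else key


def demo():
    big_k = bytes(range(128))     # constructed 1024-bit secret
    seed = b"constructed-nonces"  # constructed stand-in for exchanged nonces
    # Ask for 512 bits of keying material from the full K and from SHA-1(K).
    from_full = prf_plus(big_k, seed, 64)
    from_digest = prf_plus(effective_key(big_k), seed, 64)
    return from_full == from_digest, len(effective_key(big_k))


if __name__ == "__main__":
    same, size = demo()
    print(f"identical output: {same}; effective key bytes: {size}")
```

The 64 bytes of output are fully determined by the 20-byte digest of K, so anyone who can enumerate that digest space does not need K itself.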