[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 use of HMAC-SHA-1 for Key Derivation

To: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>
Subject: Re: IKEv2 use of HMAC-SHA-1 for Key Derivation
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Wed, 27 Nov 2002 07:45:30 +0200 (IST)
cc: housley@vigilsec.com, IPsec WG <ipsec@lists.tislabs.com>
In-Reply-To: <200211261723.gAQHNjf29469@localhost.localdomain>
Sender: owner-ipsec@lists.tislabs.com

Hilarie, can you  clarify what you mean by your comment below?
In particular, what is wrong if K is large and what 
do you mean by "blocksize" in this context?

Thanks,

Hugo

On Tue, 26 Nov 2002, The Purple Streak, Hilarie Orman wrote:

> The HMAC construction is not necessary for key derivation, but both
> methods are wrong if K is large (in size and entropy) and security
> requirements dictate that a derived key must have more entropy than
> 2^(blocksize).  This is a persistently misunderstood issue.
> 
> Hilarie
> 
>

References:
- Re: IKEv2 use of HMAC-SHA-1 for Key Derivation
  - From: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>

Prev by Date: Re: IKEv2 use of HMAC-SHA-1 for Key Derivation
Next by Date: Re: ISAKMP SA message #1 (proposing attributes/transforms)
Prev by thread: Re: IKEv2 use of HMAC-SHA-1 for Key Derivation
Next by thread: Re: IKEv2 use of HMAC-SHA-1 for Key Derivation
Index(es):
- Date
- Thread