
Re: Use of AES as prf in IKEv2



Charlie,

instead of stating that "if either nonce is shorter than half the fixed
length key that it be padded with zero bits." why not state that nonces 
MUST be at least of half the length of the prf key? 
This is not an onerous requirement and avoids accepting as "legal" the bad
practice of padding a short cryptographic key with 0s.

In a related issue, I'd also require the pre-shared key, Shared Secret,
to be (at least) of the length of the prf key (again to avoid padding
with zeros).

Hugo
 
On Tue, 18 Mar 2003 Charlie_Kaufman@notesdev.ibm.com wrote:

> Having seen the alternatives, I withdraw my earlier objection to Hugo's
> proposal for dealing with prf functions with fixed length keys. His
> recommendation was that if the prf takes a fixed length key, we take the
> first bits of the initiator's nonce as the first half and the first bits of
> the responder's nonce as the second half. Not part of his suggestion, but
> to make the proposal fully specified in all cases, I'd add that if either
> nonce is shorter than half the fixed length key that it be padded with zero
> bits.
> 
> Does anyone object?
> 
>           --Charlie
> 
> Opinions expressed may not even be mine by the time you read them, and
> certainly don't reflect those of any other entity (legal or otherwise).
> 
>
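
The two policies discussed in this message, side by side, as an added example that is not part of the original mail or of any IKEv2 implementation. It builds only the fixed-length prf key from the nonces (no AES call); the function names, the byte-granular lengths and the sample nonces are assumptions made for illustration.

```python
# Added illustration, not from the thread. Function names and sample nonces
# are constructed; lengths are handled in whole bytes for simplicity.

def _half(key_len: int) -> int:
    """Half of the fixed prf key length, in bytes."""
    if key_len <= 0 or key_len % 2:
        raise ValueError("prf key length must be a positive even byte count")
    return key_len // 2


def prf_key_zero_padded(ni: bytes, nr: bytes, key_len: int) -> bytes:
    """Quoted proposal: first bits of Ni, then first bits of Nr; a nonce
    shorter than half the key is padded with zero bits."""
    half = _half(key_len)
    return ni[:half].ljust(half, b"\x00") + nr[:half].ljust(half, b"\x00")


def known_zero_bytes(ni: bytes, nr: bytes, key_len: int) -> int:
    """Key bytes fixed to zero by padding, i.e. carrying no nonce material."""
    half = _half(key_len)
    return max(0, half - len(ni)) + max(0, half - len(nr))


def prf_key_strict(ni: bytes, nr: bytes, key_len: int) -> bytes:
    """Reply's alternative: each nonce MUST supply at least half the key,
    so a short nonce is rejected instead of padded."""
    half = _half(key_len)
    for name, nonce in (("Ni", ni), ("Nr", nr)):
        if len(nonce) < half:
            raise ValueError(f"{name} is {len(nonce)} bytes, need >= {half}")
    return ni[:half] + nr[:half]


if __name__ == "__main__":
    AES_KEY_LEN = 16                       # AES-128 key, in bytes
    ni_short = bytes.fromhex("a1b2c3d4")   # constructed 4-byte nonce
    nr = bytes(range(0x10, 0x20))          # constructed 16-byte nonce

    padded = prf_key_zero_padded(ni_short, nr, AES_KEY_LEN)
    print("padded key :", padded.hex())
    print("zero bytes :", known_zero_bytes(ni_short, nr, AES_KEY_LEN))
    try:
        prf_key_strict(ni_short, nr, AES_KEY_LEN)
    except ValueError as exc:
        print("strict     : rejected,", exc)
```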