[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on client auth

From: dpkemp@missi.ncsc.mil (David P. Kemp)
> It would be unfortunate if two totally unrelated users shared, by
> chance, the same keying material.  It would be more unfortunate if one
> or the other of them discovered this fact.

What do you mean by "keying material"?  The public (and therefore
secret) keys?  If so, this is not a reasonable concern.  If someone
could by accident stumble onto someone else's secret keys, then your
system is not secure.

If it were actually possible to generate the same key as someone else by
accident, then we would have attackers who did nothing but generate keys
until they matched someone else's.  Then they would be in a position to
wreak havoc.  No centralized key registry could prevent this.

Hal Finney