questions on RFC2631 and DH key agreement

' =JeffH ' Jeff.Hodges at KingsMountain.com
Fri Feb 8 13:02:46 EST 2008


> > E.g., here's such a specfication excerpt and is absolutely everything said in 
> > the spec wrt obtaining said signature keys:
> >
> >   When generating MAC keys, the recommendations in [RFC1750] SHOULD be 
> > followed.
> 
> One point, RFC1750 has been superceded by RFC4086.

I'll point that out, thanks.


> >   ...
> >   The quality of the protection provided by the MAC depends on the randomness of
> >   the shared MAC key, so it is important that an unguessable value be used.
> >
> > How (un)wise is this, in a real-world sense? 
> 
> It seems pretty reasonable to me. They are referring to an RFC with
> lots of good advice about random number generators, and they emphasize
> that the key value should be unguessable. It's probably out of scope to
> go into a lot more detail than that. Referring to other standards like
> RFC1750/4086 is the right way to handle this kind of issue.

agreed (thx for the ptr to RFC4880) after doing some further reading and such. 
RFC4086 covers the notion of "mixing functions" etc, so the above-quoted 
SHOULD statement covers those bases.



> I am the co-author of the OpenPGP Standard, RFC4880. All we say is:
> 
>        The sending OpenPGP generates a random number to be used as a
>        session key for this message only.
> 
> and
> 
>    * Certain operations in this specification involve the use of random
>      numbers.  An appropriate entropy source should be used to generate
>      these numbers (see [RFC4086]).
> 
> Not all that different in thrust than the spec you are looking at.


agreed, thanks again.



=JeffH


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list