Marcus Watts (mdw@umich.edu)
Thu, 28 Jan 1999 06:45:11 -0500
You wrote:
> Date: Thu, 28 Jan 1999 09:48:12 +0100
> From: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
> To: CodherPlunks@toad.com
> Subject: A Method of Session Key Generation
>
> Generation of session keys appears to be comparatively little
> treated in the literature. I would like to propose the following
> simple scheme:
>
> Hash all previously processed plaintexts. Encrypt the hash with
> a master key to obtain the current session key.
>
> Comments and critiques are sincerely solicited.
>
> M. K. Shen
Specific comments:
(1) in many applications the attacker can guess or
force the plaintext. Therefore, the plaintext
may not be a good source of secret entropy for
the session key.
(2) some applications don't have any plaintext,
or don't have a secure stateful environment in
which to remember a running hash of input seen.
(3) using a "master key" to encrypt a hash may make
the master key more vulnerable, if its use
is shared with anything else.
(4) it is not always the case in all applications that
both sides know a common secure "master key"
to use.
There are usually two cases where one might want to agree on
a session key:
(a) at the start of a session
This is normally tied up with authentication issues;
a useful by-product of many authentication schemes
is an initial shared private session key.
(b) in the middle of a session
both sides know who each other is, and may already
have an old or initial session key, and the problem
may merely be that of agreeing on a sub-session key
of more limited scope.
In general, deciding what algorithm to use for generating session
keys depends on the application. There is also a related problem,
key distribution, or making sure that the two ends agree on what
session key is to be used. There are two ways this can work:
(1) one side picks the key, and tells the other side what to use.
(2) both sides independently pick the same key, using
knowledge common to both, but hidden from
anyone else.
Case (1) is actually a special case of a cryptographically secure
PRNG. There is lots of stuff out there on how to do this.
The general problem is how to get enough entropy to generate
"true random" keys, and how to generate keys efficiently.
The "telling the other side what key to use" part is actually
a special case of the key distribution problem; normally one
already has some sort of shared secret that can be used to encrypt
the session key during transit.
Case (2) is a more generalized special case of the key distribution
problem. There's lots of stuff out there on this too. The
classical public key algorithm to use for this is Diffie-Hellman.
The classical symmetric key algorithm is Needham and Schroeder.
-Marcus Watts
UM ITD PD&D Umich Systems Group
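The following is an added example, not code from either poster, that puts the three ideas in this exchange side by side: the posted scheme (a running hash of all plaintexts, keyed with the master key), the case (1) approach (one side picks a random key and sends it encrypted under an existing shared secret), and the case (2) approach (both sides compute the same key with Diffie-Hellman). Two assumptions are mine: HMAC-SHA256 stands in for "encrypt the hash with a master key" and for the cipher that protects the key in transit, since the point only needs a keyed function; and the Diffie-Hellman group (p = 2**127 - 1, g = 3) is a toy chosen so the code runs instantly, not a secure group. All plaintexts and secrets are constructed sample values.

```python
import hashlib
import hmac
import secrets


# --- The scheme as posted: hash all previous plaintexts, key the result --

def shen_session_key(master_key: bytes, plaintexts: list[bytes]) -> bytes:
    """Running SHA-256 over every plaintext seen so far, then keyed with the
    master key.  HMAC-SHA256 standing in for "encrypt with the master key"
    is an assumption of this example, not part of the posted scheme."""
    h = hashlib.sha256()
    for p in plaintexts:
        h.update(len(p).to_bytes(4, "big"))  # length prefix: [b"ab", b"c"] != [b"a", b"bc"]
        h.update(p)
    return hmac.new(master_key, h.digest(), hashlib.sha256).digest()


def shen_scheme_properties(master_key: bytes) -> dict:
    """Shows comments (1) and (2) from the reply on constructed sample traffic."""
    history = [b"GET /index.html", b"200 OK"]          # constructed plaintexts
    k_a = shen_session_key(master_key, history)
    # (1) nothing in the derivation is secret except the master key: the same
    #     plaintext history (guessed or forced) gives the same session key.
    k_repeat = shen_session_key(master_key, [b"GET /index.html", b"200 OK"])
    # (2) both ends must hold identical running state: a peer that missed one
    #     message derives a different key and the two sides no longer agree.
    k_desync = shen_session_key(master_key, history[:1])
    return {"history_repeat_gives_same_key": k_a == k_repeat,
            "lost_message_breaks_agreement": k_a != k_desync}


# --- Case (1): one side picks a random key and sends it encrypted ---------

def _subkeys(shared_secret: bytes) -> tuple[bytes, bytes]:
    """Separate encryption and MAC keys, so the long-term secret is never
    used directly for two purposes (the concern in comment (3))."""
    enc = hmac.new(shared_secret, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real stream cipher."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def wrap_session_key(shared_secret: bytes) -> tuple[bytes, bytes]:
    """Side A: fresh 32-byte key from the OS CSPRNG; returns
    (session_key, message_for_B) with message = nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(shared_secret)
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(session_key, _keystream(enc_key, nonce, 32)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return session_key, nonce + ct + tag


def unwrap_session_key(shared_secret: bytes, msg: bytes) -> bytes:
    """Side B: check the tag before decrypting; reject anything modified."""
    enc_key, mac_key = _subkeys(shared_secret)
    nonce, ct, tag = msg[:16], msg[16:48], msg[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key-distribution message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, 32)))


# --- Case (2): both sides compute the same key with Diffie-Hellman --------

P = 2**127 - 1   # toy Mersenne prime so the demo runs instantly; NOT a secure group
G = 3


def dh_keypair() -> tuple[int, int]:
    priv = secrets.randbelow(P - 2) + 1          # private exponent in [1, P-2]
    return priv, pow(G, priv, P)


def dh_session_key(my_priv: int, peer_pub: int) -> bytes:
    shared = pow(peer_pub, my_priv, P)           # same value on both sides
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def dh_demo() -> bool:
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_session_key(a_priv, b_pub) == dh_session_key(b_priv, a_pub)


if __name__ == "__main__":
    mk = b"constructed-master-key"
    print(shen_scheme_properties(mk))
    k, wire = wrap_session_key(mk)
    print("case (1) both sides hold the same key:", unwrap_session_key(mk, wire) == k)
    print("case (2) both sides hold the same key:", dh_demo())
```

The first function makes the reply's comments concrete: with the master key fixed, the session key is a pure function of the plaintext history, so a repeated history repeats the key and a peer that lost one message can no longer agree. The case (1) functions show the "tell the other side" route resting entirely on an existing shared secret, with distinct sub-keys for encryption and authentication; the case (2) functions show the route that needs no prior key transport at all.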
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06