Re: A Method of Session Key Generation

New Message Reply About this list Date view Thread view Subject view Author view

craig mcmillan (craig@jcp.co.uk)
Thu, 28 Jan 1999 13:32:13 +0000


examine the tls session keygen algorithm:

http://www.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt

you need to explicitly introduce some entropy into the
plaintext conversation used to negotiate the encrypted channel,
or you will lend up with the same session key each time. tls
also combines the output from sha-1 and md5 hashes, in
the hope that should either, but not both, become insecure then
it's keygen algorithm will continue to be secure.

c

At 09:48 28/01/99 +0100, Mok-Kong Shen wrote:
>Generation of session keys appears to be comparatively little
>treated in the literature. I like to propose the following simple
>scheme:
>
> Hash all previously processed plaintexts. Encrypt the hash with
> a masterkey to obtain the current session key.

pgp public key available from keyservers everywhere
key id: 0xE32C8445
fingerprint: 8F94 59A7 B7D3 50B7 9EE1 FB90 70E9 30A9 E32C 8445


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06