Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Thu, 28 Jan 1999 14:27:10 +0100
Marcus Watts wrote:
>
>
> Specific comments:
................................
Sincere thanks for pointing out the limitations of the scheme.
Here are some tiny attempts at 'argumentation':
1. In certain environments authentication may not be necessary or
feasible (e.g. the partners don't have the public key technology).
So there can be value if session keys need not be negotiated
or otherwise acquired before sending of messages.
2. What I denoted as masterkey need not necessarily be a very
long-lived key. It can also be other kinds of shared secret. It
is only required to be able to encrypt the hash.
3. If lack of entropy is a concern, one could arrange to have the
messages contain pointers to other (publicly accessible, not
encrypted) texts, thus obtaining longer effective message
lengths.
M. K. Shen
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06