Re: A Method of Session Key Generation

New Message Reply About this list Date view Thread view Subject view Author view

Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Fri, 29 Jan 1999 10:03:51 +0100


bram wrote:
>
> A certain person who obviously hasn't been paying attention asked about
> session key generation.
>
> The answer is use a CSPRNG. This has been discussed here a *lot* already.
>
> There's a more subtle problem of what to do when your counterparty doesn't
> trust you to have a good source of entropy. That problem can be fixed by
> having certificates from third parties saying 'I gave some random bits to
> party x at time y using his public key'. The exact details of what sets of
> such certificates are acceptable to begin a session are, of course, an
> implementation problem, but a very non-trivial one.

In principle any good scheme of generating session key is o.k.
However, involving the previous plaintexts serves also as sort
of acknowledgement that all communicatins up to the current
time point are in order, which I suppose is not obtained with
a PRNG alone. Certainly one could add a pseudo-random number
to the hash value, if entropy is a concern. With respect to
third party I should perhaps say that one thought behind the
scheme is to void the public key technology (hence the third party).
I am not sure I am doing right. Your critiques are sincerely
solicited.

M. K. Shen


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06