Re: deriving keying material from the shared secret

Uri Blumenthal <uri@watson.ibm.com> Tue, 09 July 1996 15:07 UTC

Received: from relay.tis.com by neptune.TIS.COM id aa09132; 9 Jul 96 11:07 EDT
Received: by relay.tis.com; id LAA03491; Tue, 9 Jul 1996 11:09:28 -0400
Received: from sol.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1.1) id xma003468; Tue, 9 Jul 96 11:08:54 -0400
Received: from relay.tis.com by tis.com (4.1/SUN-5.64) id AA01007; Tue, 9 Jul 96 11:08:43 EDT
Received: by relay.tis.com; id LAA03456; Tue, 9 Jul 1996 11:08:53 -0400
Received: from igw2.watson.ibm.com(129.34.139.6) by relay.tis.com via smap (V3.1.1) id xma003440; Tue, 9 Jul 96 11:08:34 -0400
Received: from hawpub.watson.ibm.com (hawpub.watson.ibm.com [9.2.90.19]) by igw2.watson.ibm.com (8.7.4/8.7.1) with SMTP id LAA19706; Tue, 9 Jul 1996 11:11:26 -0400
Received: by hawpub.watson.ibm.com (AIX 3.2/UCB 5.64/5/18/96) id AA42227; Tue, 9 Jul 1996 11:10:59 -0400
From: Uri Blumenthal <uri@watson.ibm.com>
Message-Id: <9607091510.AA42227@hawpub.watson.ibm.com>
Subject: Re: deriving keying material from the shared secret
To: karn@qualcomm.com
Date: Tue, 09 Jul 1996 11:10:59 -0400
Cc: ipsec@TIS.COM
In-Reply-To: <199607090459.VAA14902@unix.ka9q.ampr.org> from "Phil Karn" at Jul 8, 96 09:59:44 pm
Reply-To: uri@watson.ibm.com
X-Mailer: ELM [version 2.4 PL25]
Content-Type: text
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

Phil Karn says:
> How critical is the particular hash method used to produce the key
> from the shared secret?

Cannot answer this one - but hash should be stronger than the algorithm(s)
that use the derived key, and hopefully enjoy the same level of trust...

> Too critical to just specify a particular hash
> method for fear that it might become compromised (e.g., MD5)?

I'd say - yes... Plus, it seems to me that there's little benefit
in narrowing the choices down to "one hash function for all"...
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>