Re: deriving keying material from the shared secret

Phil Karn <karn@unix.ka9q.ampr.org> Tue, 09 July 1996 04:57 UTC

Received: from relay.tis.com by neptune.TIS.COM id aa01336; 9 Jul 96 0:57 EDT
Received: by relay.tis.com; id AAA24390; Tue, 9 Jul 1996 00:59:40 -0400
Received: from sol.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1.1) id xma024387; Tue, 9 Jul 96 00:59:11 -0400
Received: from relay.tis.com by tis.com (4.1/SUN-5.64) id AA10408; Tue, 9 Jul 96 00:59:00 EDT
Received: by relay.tis.com; id AAA24384; Tue, 9 Jul 1996 00:59:10 -0400
Received: from unix.ka9q.ampr.org(129.46.90.35) by relay.tis.com via smap (V3.1.1) id xma024382; Tue, 9 Jul 96 00:58:42 -0400
Received: (from karn@localhost) by unix.ka9q.ampr.org (8.7.3/8.6.12) id VAA14902; Mon, 8 Jul 1996 21:59:44 -0700 (PDT)
Date: Mon, 08 Jul 1996 21:59:44 -0700
Message-Id: <199607090459.VAA14902@unix.ka9q.ampr.org>
From: Phil Karn <karn@unix.ka9q.ampr.org>
To: ho@earth.hpc.org
Cc: smb@research.att.com, ipsec@TIS.COM
In-Reply-To: <199607011355.JAA04896@earth.hpc.org> (message from Hilarie Orman on Mon, 1 Jul 1996 09:55:13 -0400)
Subject: Re: deriving keying material from the shared secret
Reply-To: karn@qualcomm.com
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

How critical is the particular hash method used to produce the key
from the shared secret? Too critical to just specify a particular hash
method for fear that it might become compromised (e.g., MD5)?

Phil