[114833] in cryptography@c2.net mail archive


Re: questions on RFC2631 and DH key agreement

daemon@ATHENA.MIT.EDU (' =JeffH ')
Sat Feb 9 20:04:57 2008

To: hal@finney.org ("Hal Finney"),
    Eric Rescorla <ekr@networkresonance.com>, pgut001@cs.auckland.ac.nz,
    "Joseph Ashwood" <ashwood@msn.com>
cc: Jeff.Hodges@KingsMountain.com, cryptography@metzdowd.com
In-reply-to: hal@finney.org ("Hal Finney") 's message of 
	Thu, 07 Feb 2008 11:16:15 -0800
Reply-to: ' =JeffH ' <Jeff.Hodges@KingsMountain.com>
From: ' =JeffH ' <Jeff.Hodges@KingsMountain.com>
Date: Thu, 07 Feb 2008 14:17:31 -0800

I think I already know the answer to this question, but I just want to test my 
understanding...

How wise (in a real-world sense) is it, in a protocol specification, to 
specify that one simply obtain an ostensibly random value, and then use that 
value directly as the signature key in, say, an HMAC-based signature, without 
any further stipulated checking and/or massaging of the value before such use?

E.g., here's such a specification excerpt, and it is absolutely everything said in 
the spec wrt obtaining said signature keys:

  When generating MAC keys, the recommendations in [RFC1750] SHOULD be followed.
  ...
  The quality of the protection provided by the MAC depends on the randomness of
  the shared MAC key, so it is important that an unguessable value be used.

How (un)wise is this, in a real-world sense? 


[yes, I'm aware that using only a SHOULD here leaves a huge door open 
compliance-wise, but that's a different issue]

thanks,

=JeffH


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
