[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] draft-housley-ccm-mode-00.txt

To: David Wagner <daw@cs.berkeley.edu>
Subject: Re: [Cfrg] draft-housley-ccm-mode-00.txt
From: "Housley, Russ" <rhousley@rsasecurity.com>
Date: Fri, 16 Aug 2002 16:33:16 -0400
Cc: Ge.Weijers@Sun.COM, daw@mozart.cs.berkeley.edu, cfrg@ietf.org
In-Reply-To: <200208161707.g7GH7HO10814@mozart.cs.berkeley.edu>
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
References: <3D5D2D7A.1000508@sun.com>
Sender: cfrg-admin@ietf.org

David:

This requires the implementation to compute the key schedules for two 
keys.  In low end devices, storing these key schedules consumes significant 
memory, or recomputing them consumes significant cycles.  Neither is 
desirable in such devices.

Russ

At 10:07 AM 8/16/2002 -0700, David Wagner wrote:
> > An advantage I can see is the use of the same key for both
> > authentication and encryption. [...] Using the same key
> > halves the key storage requirements for an 802.11 base station.
>
>It is easy to achieve the same thing with the standard generic
>composition.  You pick a 128-bit key, and derive the encryption and
>authentication keys separately using a PRF: Ke = F_K(0), Ka = F_K(1).
>This is all very standard, and is done in IPSec and TLS, for instance.
>So I don't see this as an advantage or an disadvantage.
>
>_______________________________________________
>Cfrg mailing list
>Cfrg@ietf.org
>https://www1.ietf.org/mailman/listinfo/cfrg

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

References:
- Re: [Cfrg] draft-housley-ccm-mode-00.txt
  - From: Gé Weijers
- Re: [Cfrg] draft-housley-ccm-mode-00.txt
  - From: David Wagner

Prev by Date: Re: [Cfrg] draft-housley-ccm-mode-00.txt
Next by Date: Re: [Cfrg] draft-housley-ccm-mode-00.txt
Previous by thread: Re: [Cfrg] draft-housley-ccm-mode-00.txt
Next by thread: Re: [Cfrg] draft-housley-ccm-mode-00.txt
Index(es):
- Date
- Thread