
[Cfrg] RE: KDF algorithm and properties



> It is an improvement on the PRF used in SSH 
> because the secret is protected by HMAC, which is more secure 
> than an unpadded hash.

Just to follow up on that last sentence, if you are going to keep the secret
around and use it later to derive more keys, then you want to protect its
secrecy.  For this reason, the secret should be used as the key in an HMAC
rather than placing it into an unpadded hash, since the HMAC has been proven
to protect the secrecy of its key.

Allen


_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg
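
The construction recommended in the message above, as an added example (not code from the original post or from any SSH or IETF specification): a counter-mode KDF that uses the retained secret only as the HMAC key, beside a simplified unpadded-hash form for contrast. The function names, labels, counter and length encoding, and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac


def kdf_unpadded_hash(secret: bytes, label: bytes, length: int) -> bytes:
    """Contrast case (simplified): the secret is hashed as ordinary data."""
    out, counter = b"", 1
    while len(out) < length:
        block = secret + label + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def kdf_hmac(secret: bytes, label: bytes, length: int) -> bytes:
    """The secret is used only as the HMAC key; counter and label are the message."""
    if not secret:
        raise ValueError("secret must not be empty")
    out, counter = b"", 1
    while len(out) < length:
        # A length-prefixed label keeps the message encoding unambiguous.
        msg = counter.to_bytes(4, "big") + len(label).to_bytes(2, "big") + label
        out += hmac.new(secret, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_session_keys(secret: bytes) -> dict:
    """Derive several keys from one retained secret, one label per purpose."""
    return {
        "enc": kdf_hmac(secret, b"enc", 32),
        "mac": kdf_hmac(secret, b"mac", 32),
        "iv": kdf_hmac(secret, b"iv", 16),
    }


if __name__ == "__main__":
    sample_secret = bytes(range(32))  # constructed sample value, not a real key
    for name, key in derive_session_keys(sample_secret).items():
        print(name, key.hex())
    # With plain concatenation the secret/label boundary is not part of the
    # hash input, so these two different (secret, label) pairs coincide:
    print(kdf_unpadded_hash(b"ab", b"c", 32) == kdf_unpadded_hash(b"a", b"bc", 32))
    # Keyed with HMAC, the secret stays separate from the message data:
    print(kdf_hmac(b"ab", b"c", 32) == kdf_hmac(b"a", b"bc", 32))
```
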