Re: pre-shared key v RSA encryption or RSA signature authentication modes

[David Jablon <dpj@xxxxxxxxxxxx>]

If what you say is true, then the current shared-secret protocol for
IKE seems like a very bad mismatch for applications that require
use of shared-secret passwords or other man-handled keying material.

-- David

At 12:19 PM 3/21/2002 -0500, Derek Atkins wrote:
> Yes, the low entropy of shared secrets is due to the fact
> that most of them are derived from short or weak passwords.
> If you have a 128-256 bit random key for a shared secret, you
> have the problem of transmitting that secret confidentially
> between the hosts.  If you use RSA, then all you need is
> integrity across the distribution channel.
>
> -derek
>
> David Jablon <dpj@xxxxxxxxxxxx> writes:
>
> > Derek,
> >
> > Is the limited entropy of the shared secret due to the fact that
> > it is simply a hash of a password?  If so, then perhaps the current
> > simplistic shared-secret key protocol is not such a good fit for these
> > common shared-secret password applications.
> >
> > -- David
> >
> > At 11:39 AM 3/21/2002 -0500, Derek Atkins wrote:
> > >The fact that most users wont have a shared secret with 256 bits of
> > >entropy?  I suspect that most shared secrets are probably in the 64-80
> > >bits of entropy at the highest, and probably much lower than that.
> >
> >
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@xxxxxxx                        PGP key available