W3C home > Mailing lists > Public > ietf-tls@w3.org > July to September 1996

Re: Passphrases in or out

From: Bennet Yee <bsy@cs.ucsd.edu>
Date: Mon, 05 Aug 1996 16:19:01 -0700
Message-Id: <199608052319.QAA26476@work.ucsd.edu>
To: Steve Petri <petri@litronic.com>
cc: ietf-tls@w3.org
Steve,

Yes, the MAC key is derived using assymetric cryptography.  In pricinple,
however, it does not matter how it is derived -- if it is a shared key that
is only known to the sender and receiver, then the security of the MAC would
still hold.

I'm afraid, upon rereading your original message, that I may have answered
a slightly different question than that which you had posed.  It is true
that if the key choice is not good, then eavesdroppers may use the traffic
in an off-line dictionary attack to recover the key.  I was addressing a
different question, that of whether assymetric cryptography is required to
perform such an authentication -- which is why I added at the end that
users must chose passphrases with enough entropy.

My apologies for misunderstanding your question.

-bsy

--------
Bennet S. Yee		Phone: +1 619 534 4614	    Email: bsy@cs.ucsd.edu

Web:	http://www-cse.ucsd.edu/users/bsy/
USPS:	Dept of Comp Sci and Eng, 0114, UC San Diego, La Jolla, CA 92093-0114
Received on Monday, 5 August 1996 19:19:14 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:51 EDT