- From: Steve Petri <petri@litronic.com>
- Date: Mon, 05 Aug 1996 15:39:42 -0700
- To: Bennet Yee <bsy@cs.ucsd.edu>
- Cc: ietf-tls@w3.org
Bennet, Thanks for your prompt response. But I have one further question: Bennet Yee wrote: > > Steve, using assymetric cryptography is not a necessary condition for > distinguish between attackers and valid participants. > > The authentication hash proposed in the passauth3.txt that Tom > Stephens just sent is a bit complicated. I'll first simply point out > that an attacker does not have the same information as the valid > participants by a simple reduction to a previously solved problem, > that of computing a MAC on a single message. > > We believe HMAC(k,m) = h(k,p2,(k,p1,m)) to be a good MAC on message m > (where p1 and p2 are padding bytes necessary to bring (k,p1) and > (k,p2) to full compression function argument boundaries). k is a > shared ``MAC key'', not known to eavesdroppers. But how is the shared ``MAC key'' communicated? Using asym crypto? Or is it derived from the shared password, in which case the attacker could use a dictionary attack? Or would, for example, all Compuserve subscribers have the same shared MAC key and we assume the eavesdropper does not know it? Thanks, Steve Petri petri@litronic.com Litronic Industries (714)545-6649
Received on Monday, 5 August 1996 18:40:19 UTC