W3C home > Mailing lists > Public > ietf-tls@w3.org > July to September 1996

Re: Passphrases in or out

From: Steve Petri <petri@litronic.com>
Date: Mon, 05 Aug 1996 15:39:42 -0700
Message-Id: <3206782E.7576@litronic.com>
To: Bennet Yee <bsy@cs.ucsd.edu>
Cc: ietf-tls@w3.org

Thanks for your prompt response.  But I have one further question:

Bennet Yee wrote:
> Steve, using assymetric cryptography is not a necessary condition for
> distinguish between attackers and valid participants.
> The authentication hash proposed in the passauth3.txt that Tom
> Stephens just sent is a bit complicated.  I'll first simply point out
> that an attacker does not have the same information as the valid
> participants by a simple reduction to a previously solved problem,
> that of computing a MAC on a single message.
> We believe HMAC(k,m) = h(k,p2,(k,p1,m)) to be a good MAC on message m
> (where p1 and p2 are padding bytes necessary to bring (k,p1) and
> (k,p2) to full compression function argument boundaries).  k is a
> shared ``MAC key'', not known to eavesdroppers. 

But how is the shared ``MAC key'' communicated?  Using asym crypto?
Or is it derived from the shared password, in which case the attacker
could use a dictionary attack?

Or would, for example, all Compuserve subscribers have the same
shared MAC key and we assume the eavesdropper does not know it?

Steve Petri					petri@litronic.com
Litronic Industries				(714)545-6649
Received on Monday, 5 August 1996 18:40:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:11 UTC