Re: A Method of Session Key Generation

craig mcmillan (craig@jcp.co.uk)
Thu, 28 Jan 1999 16:42:00 +0000

• Next message: Mok-Kong Shen: "Re: A Method of Session Key Generation"
• Previous message: Jim Gillogly: "Re: A Method of Session Key Generation"
• Maybe in reply to: Mok-Kong Shen: "A Method of Session Key Generation"
• Next in thread: Mok-Kong Shen: "Re: A Method of Session Key Generation"

i suspect we're writing at cross-purposes. i was assuming a session goes
something like this:

1. begin plaintext conversation
2. negotiate secure mode / shared secret
3. generate session keys
4. use session keys to protect further conversation

with no state rollover between subsequent sessions. in this case you need
to include some entropy during negotiation, for use in session key generation.

c

At 17:22 28/01/99 +0100, Mok-Kong Shen wrote:
>craig mcmillan wrote:
>> you need to explicitly introduce some entropy into the
>> plaintext conversation used to negotiate the encrypted channel,
>> or you will lend up with the same session key each time. tls
>
>Would you please explain why the session key will end up to
>be constant, since each time an additional piece of text goes
>into the hash? Thank in advance.

pgp public key available from keyservers everywhere
key id: 0xE32C8445
fingerprint: 8F94 59A7 B7D3 50B7 9EE1 FB90 70E9 30A9 E32C 8445

• Next message: Mok-Kong Shen: "Re: A Method of Session Key Generation"
• Previous message: Jim Gillogly: "Re: A Method of Session Key Generation"
• Maybe in reply to: Mok-Kong Shen: "A Method of Session Key Generation"
• Next in thread: Mok-Kong Shen: "Re: A Method of Session Key Generation"