Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Thu, 28 Jan 1999 20:15:00 +0100
Jim Gillogly wrote:
>
>
> As with most security proposals, the efficacy depends largely on
> the threat model. For example, if you assume the enemy has access
> (perhaps delayed) to previous plaintexts (or their hash), then
> access to future plaintext depends only on the master key. Modern
> ciphers should be impervious to known plaintext attacks.
Thank you for the comments.
Yes. If the analyst has all the previous plaintexts, then there
is a problem. However, the master key is only applied to the
hash values, which are short. Hence the inference of the master key
should not be easy (he must somehow have obtained a large number of
session keys for doing that). Further, the master key need not
be constant but may vary according to some schedule. Perhaps I should
say that the goal is to get a session key and send the message
right away. Maybe the scheme could be improved, though I have no idea
at the moment. Hints would be highly appreciated.
M. K. Shen
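An added illustration, not code from the thread or from either correspondent: it models the scheme as the reply describes it (a master key applied only to the short hash of the previous plaintext) and works through Jim Gillogly's known-plaintext point and the reply's suggestion of varying the master key on a schedule. HMAC-SHA256 as the keyed step, the per-period key derivation, the initial value and the transcript are all assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values; none of these come from the thread.
MASTER_KEY = b"constructed-master-key"
INITIAL = b"constructed initial value"  # stands in for "no previous plaintext"
TRANSCRIPT = [b"first message", b"second message",
              b"third message", b"fourth message"]


def session_key(master_key: bytes, previous_plaintext: bytes) -> bytes:
    """Model of the scheme: the master key is applied only to the short
    hash of the previous plaintext. HMAC-SHA256 is assumed as the keyed
    step; the thread does not say how the master key is applied."""
    digest = hashlib.sha256(previous_plaintext).digest()
    return hmac.new(master_key, digest, hashlib.sha256).digest()


def period_key(master_key: bytes, period: int) -> bytes:
    """Hypothetical schedule for varying the master key: derive a distinct
    working key for each period from the long-term master key."""
    return hmac.new(master_key, period.to_bytes(4, "big"), hashlib.sha256).digest()


def transcript_keys(master_key: bytes, plaintexts, period_len: int):
    """Session keys for a whole transcript: message i is keyed from the
    hash of message i-1, using the working key of period i // period_len.
    A period_len equal to the transcript length models a constant key."""
    keys = []
    previous = INITIAL
    for i, plaintext in enumerate(plaintexts):
        working_key = period_key(master_key, i // period_len)
        keys.append(session_key(working_key, previous))
        previous = plaintext
    return keys


def recoverable_indices(true_keys, plaintexts, leaked_working_key: bytes):
    """Known-plaintext threat model: an analyst who holds every previous
    plaintext and one period's working key recomputes the candidate key for
    each message and keeps those that match. With a constant master key this
    is every message; with a schedule it is only the leaked period."""
    recovered = []
    previous = INITIAL
    for i, plaintext in enumerate(plaintexts):
        if hmac.compare_digest(session_key(leaked_working_key, previous), true_keys[i]):
            recovered.append(i)
        previous = plaintext
    return recovered


if __name__ == "__main__":
    # Constant master key (one period): a leak exposes all four session keys.
    constant = transcript_keys(MASTER_KEY, TRANSCRIPT, len(TRANSCRIPT))
    print(recoverable_indices(constant, TRANSCRIPT, period_key(MASTER_KEY, 0)))
    # Key varied every two messages: leaking period 1 exposes only messages 2 and 3.
    rotated = transcript_keys(MASTER_KEY, TRANSCRIPT, 2)
    print(recoverable_indices(rotated, TRANSCRIPT, period_key(MASTER_KEY, 1)))
```

The second function is the part worth reading against the thread: because every input to the derivation except the working key is known-plaintext material, the secrecy of future session keys rests entirely on that key, and a schedule that changes it bounds how much a single recovered key reveals.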
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06