Re: A Method of Session Key Generation

Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Fri, 29 Jan 1999 09:50:35 +0100

• Next message: Mok-Kong Shen: "Re: A Method of Session Key Generation"
• Previous message: bram: "Re: remailer + linux traficshaper"
• In reply to: DanielC: "remailer + linux traficshaper"
• Next in thread: Jim Gillogly: "Re: A Method of Session Key Generation"

Jim Gillogly wrote:

> Whether inferring the master key is easy or hard, the point is that
> the security of the system under this assumption (known plaintext)
> is dependent solely on the master key, and there is no more security
> applying it to hashes than applying it to a well-known value such
> as a counter representing the number of the message or a nonce given
> at the beginning of the message itself. Given that the security is
> reduced to that of the master key and cipher, why go to the trouble
> of hashing previous plaintexts? You're trusting the strength of the
> cipher used for master key -> session key conversion anyway, so you
> may as well trust it for the known plaintext case as well, and skip
> the extra computations and complications, which do not buy you any
> extra protection in the known plaintext case.

I'll attempt to answer your question. One thought behind the scheme
is that, if the system as a whole is not broken, then using the
correct key can serve as sort of authentification. I am not sure
I am justified though. Please correct me if I am wrong. An additional
remark is that the hash function can be chosen to offer another
level of security (over than that of the master key).

M. K. Shen

• Next message: Mok-Kong Shen: "Re: A Method of Session Key Generation"
• Previous message: bram: "Re: remailer + linux traficshaper"
• In reply to: DanielC: "remailer + linux traficshaper"
• Next in thread: Jim Gillogly: "Re: A Method of Session Key Generation"