Re: A Method of Session Key Generation

Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Fri, 29 Jan 1999 10:03:51 +0100

• Next message: Jim Gillogly: "Re: A Method of Session Key Generation"
• Previous message: Mok-Kong Shen: "Re: A Method of Session Key Generation"
• In reply to: Jim Gillogly: "Re: A Method of Session Key Generation"
• Next in thread: David R. Conrad: "Re: A Method of Session Key Generation"

bram wrote:
>
> A certain person who obviously hasn't been paying attention asked about
> session key generation.
>
> The answer is use a CSPRNG. This has been discussed here a *lot* already.
>
> There's a more subtle problem of what to do when your counterparty doesn't
> trust you to have a good source of entropy. That problem can be fixed by
> having certificates from third parties saying 'I gave some random bits to
> party x at time y using his public key'. The exact details of what sets of
> such certificates are acceptable to begin a session are, of course, an
> implementation problem, but a very non-trivial one.

In principle any good scheme of generating session key is o.k.
However, involving the previous plaintexts serves also as sort
of acknowledgement that all communicatins up to the current
time point are in order, which I suppose is not obtained with
a PRNG alone. Certainly one could add a pseudo-random number
to the hash value, if entropy is a concern. With respect to
third party I should perhaps say that one thought behind the
scheme is to void the public key technology (hence the third party).
I am not sure I am doing right. Your critiques are sincerely
solicited.

M. K. Shen

• Next message: Jim Gillogly: "Re: A Method of Session Key Generation"
• Previous message: Mok-Kong Shen: "Re: A Method of Session Key Generation"
• In reply to: Jim Gillogly: "Re: A Method of Session Key Generation"
• Next in thread: David R. Conrad: "Re: A Method of Session Key Generation"