David R. Conrad (drc@adni.net)
Sun, 31 Jan 1999 03:53:30 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 28 Jan 1999, bram wrote:
> A certain person who obviously hasn't been paying attention asked about
> session key generation.
>
> The answer is use a CSPRNG. This has been discussed here a *lot* already.
>
> There's a more subtle problem of what to do when your counterparty doesn't
> trust you to have a good source of entropy. That problem can be fixed by
> having certificates from third parties saying 'I gave some random bits to
> party x at time y using his public key'. The exact details of what sets of
> such certificates are acceptable to begin a session are, of course, an
> implementation problem, but a very non-trivial one.
For an online protocol, Alice and Bob both generate a random N-bit session
key. They then exchange them (hey, they must have already had some method
in mind to transfer the one). The N-bit session key they use is the XOR
of the two keys they chose.
As long as at least one of them had some decent entropy, they're fine.
David R. Conrad <drc@adni.net> PGP keys and fingerprints:
DSS Fingerprint20 = 9942 E27C 3966 9FB8 5058 73A4 83CE 62EF 1993 E1AE
RSA Fingerprint16 = 1D F2 F3 90 DA CA 35 5D 91 E4 09 45 95 C8 20 F1
This message brought to you by the letter '6' and the number 0xDEADBEEF.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBNrQaJ4POYu8Zk+GuEQI1iwCffbTk6VTc6qTjmfy1hiMNJpZp3b8AoO0T
mXPcnqxNVzWO0iyUtiNc3AJg
=0reh
-----END PGP SIGNATURE-----
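The XOR combination described in the reply above, as an added example that is not part of the original message. It assumes a commit-then-reveal exchange so that neither share can be chosen after seeing the other; the commitment step, SHA-256, the 128-bit size and all function names are assumptions of this example, not details from the post.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 16  # N = 128 bits (assumed; the post leaves N open)


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def commit(share):
    """Return (commitment, nonce). The commitment is sent before any share."""
    nonce = secrets.token_bytes(32)
    return hashlib.sha256(nonce + share).digest(), nonce


def opens(commitment, nonce, share):
    """Check that a revealed (nonce, share) pair matches the earlier commitment."""
    expected = hashlib.sha256(nonce + share).digest()
    return len(share) == KEY_BYTES and hmac.compare_digest(commitment, expected)


def derive_session_key(my_share, peer_commitment, peer_nonce, peer_share):
    """One side's final step: verify the peer's reveal, then XOR the shares."""
    if not opens(peer_commitment, peer_nonce, peer_share):
        raise ValueError("peer share does not match its commitment")
    return xor_bytes(my_share, peer_share)


if __name__ == "__main__":
    alice_share = secrets.token_bytes(KEY_BYTES)  # Alice has a working CSPRNG
    bob_share = bytes(KEY_BYTES)  # constructed: Bob's generator emits only zeros

    # Round 1: commitments cross over the existing channel.
    alice_com, alice_nonce = commit(alice_share)
    bob_com, bob_nonce = commit(bob_share)
    # Round 2: nonces and shares are revealed; each side verifies and combines.
    k_alice = derive_session_key(alice_share, bob_com, bob_nonce, bob_share)
    k_bob = derive_session_key(bob_share, alice_com, alice_nonce, alice_share)

    assert k_alice == k_bob
    print("shared key:", k_alice.hex())
```

With Bob's share all zeros, the key equals Alice's share, so its unpredictability rests entirely on her generator, which is the case the reply describes.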
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06