From: Andrew Archibald (aarchibayahoo.com)
Date: Fri Mar 02 2001 - 11:07:08 CST

    On Mon, Feb 26, 2001 at 07:00:04PM -0500, Andrew Archibald wrote:
    > Hi,
    >
    > I'm implementing an application that uses Diffie-Hellman to do key
    > agreement. Out of this process comes a shared secret bit string K. I also
    > have a session ID S made up of all the public data that has been exchanged
    > fed through a hash function. I need a number of shared secret keys which
    > should be derived from these values in some way.
    >
    > How should I generate these secrets?

    And sao19677, Paulo replied:

    > Why don't you use KDF1? It's described in PKCS#1,
    > I think.

    Thank you for pointing that out. Turns out it's buried deep in PKCS5v2.0
    (not available in ASCII from RSADSI, grr) section 5. They use an HMAC
    construction, claiming that the proof of security for an HMAC works for
    this, "with some stronger assumptions". Hmm. Well, I'm using it (or an
    approximation thereof).

    Thanks.
    Andrew

    (I apologize for replying only to my own post, not to yours, but I still
    haven't managed to subscribe to coderpunks; I have been using the archive
    at www.mail-archive.com)
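
The derivation discussed in this thread, as an added example that is not part of the original post or the poster's code: PBKDF2 from PKCS #5 v2.0 with HMAC-SHA-1, run once per key with a purpose label appended to the session ID as salt. The labels, key lengths, iteration count of 1 and the sample K and S are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct


def pbkdf2(secret, salt, iterations, dk_len, digest="sha1"):
    """PBKDF2 (PKCS #5 v2.0, section 5.2) with HMAC-<digest> as the PRF."""
    h_len = hashlib.new(digest).digest_size
    out = b""
    for i in range(1, -(-dk_len // h_len) + 1):  # ceil(dk_len / h_len) blocks
        # U_1 = PRF(secret, salt || INT_32_BE(i)); U_j = PRF(secret, U_{j-1})
        u = hmac.new(secret, salt + struct.pack(">I", i), digest).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(secret, u, digest).digest()
            t ^= int.from_bytes(u, "big")  # T_i = U_1 xor U_2 xor ... xor U_c
        out += t.to_bytes(h_len, "big")
    return out[:dk_len]


def derive_session_keys(k, s, purposes, digest="sha1"):
    """Derive one independent key per purpose from DH secret k and session ID s.

    Assumptions (not from the thread): each key gets its own salt, s || label,
    so keys are domain-separated; s is a fixed-length hash, so the
    concatenation is unambiguous; one iteration, because k is a
    high-entropy DH output rather than a password.
    """
    keys = {}
    for label, length in purposes.items():
        keys[label] = pbkdf2(k, s + label.encode("ascii"), 1, length, digest)
    return keys


# Constructed sample values, not real protocol data.
K = bytes.fromhex("5f3c9a1e" * 32)  # stand-in for the DH shared secret
S = hashlib.sha1(b"constructed handshake transcript").digest()
PURPOSES = {"enc c2s": 16, "enc s2c": 16, "mac c2s": 20, "mac s2c": 20}

if __name__ == "__main__":
    for name, key in derive_session_keys(K, S, PURPOSES).items():
        print(f"{name}: {key.hex()}")
```

Because S covers all the public data exchanged, any change to the handshake changes every derived key, and the per-purpose label keeps a key leaked in one role from revealing the others.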