[freenet-dev] Generating more keys from JFK
Matthew Toseland
toad at amphibian.dyndns.org
Tue Feb 5 11:03:29 UTC 2008
NewPacketFormat assumes that we can generate as many keys as we want from JFK
securely. Is this true? JFK uses an HMAC with 0, 1, or 2, to generate the
session key or the 2 internal keys it uses, but does not explicitly document
the option to generate more keys by incrementing that number - and it refers
to IKE key extension if you need more bits (it does *not* say increment the
number and stick them together, as you might expect). Is it safe to do what
we have planned, to get separate keys for each direction and in
NewPacketFormat for the IV key and HMAC key?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20080205/55852608/attachment.pgp
More information about the Devl
mailing list