shared secret using diffie-hellman
Paul Crowley
paul at ciphergoth.org
Sun Jun 5 11:25:17 PDT 2005
Brad Fitzpatrick wrote:
> Okay, I'm back on track with you.
>
> Will think through details now that I'm not totally confused.
>
> For instance, if we do XOR the HMAC secret using the DH secret (which I'd
> much prefer over AES), then what do you do about padding/repeating if the
> HMAC secret and DH secret are different lengths? Things like that.
We hash the DH secret, and we make the HMAC secret be the same length -
might as well if we're using the same hash function.
I'm pretty sure that the hash of the DH secret is indistinguishable from
random in the random oracle model, so long as you never re-use x and y
at least, so this should be secure.
--
__
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
More information about the yadis
mailing list