shared secret using diffie-hellman

Paul Crowley paul at ciphergoth.org
Sun Jun 5 11:25:17 PDT 2005


Brad Fitzpatrick wrote:
> Okay, I'm back on track with you.
> 
> Will think through details now that I'm not totally confused.
> 
> For instance, if we do XOR the HMAC secret using the DH secret (which I'd
> much prefer over AES), then what do you do about padding/repeating if the
> HMAC secret and DH secret are different lengths?  Things like that.

We hash the DH secret, and we make the HMAC secret be the same length - 
might as well if we're using the same hash function.

I'm pretty sure that the hash of the DH secret is indistinguishable from 
random in the random oracle model, so long as you never re-use x and y 
at least, so this should be secure.
-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
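
The scheme discussed in this message (hash the DH secret, make the HMAC secret the same length as the digest, XOR the two), as an added example that is not part of the original post. The modulus, generator, choice of SHA-256 and all function names are assumptions made for illustration; the thread does not specify them.

```python
import hashlib
import secrets

# Constructed demo parameters (assumptions, not from the thread): a Mersenne
# prime modulus and a small generator. This is not a vetted DH group.
P = 2**521 - 1
G = 3
HASH = hashlib.sha256                 # assumed hash; the thread names none
P_LEN = (P.bit_length() + 7) // 8     # fixed-length encoding of DH values


def dh_keypair():
    """Fresh private exponent and public value, generated per exchange."""
    priv = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    return priv, pow(G, priv, P)


def pad_from_dh(priv, peer_pub):
    """Hash the fixed-length encoding of the DH secret into an XOR pad."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    shared = pow(peer_pub, priv, P)
    return HASH(shared.to_bytes(P_LEN, "big")).digest()


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("HMAC secret must be exactly one digest long")
    return bytes(i ^ j for i, j in zip(a, b))


def server_wrap(client_pub, hmac_secret):
    y, server_pub = dh_keypair()                 # new y for every wrap
    return server_pub, xor(hmac_secret, pad_from_dh(y, client_pub))


def client_unwrap(x, server_pub, wrapped):
    return xor(wrapped, pad_from_dh(x, server_pub))


def pad_reuse_leak(s1, s2, pad):
    """Reusing x and y reuses the pad: two wrapped values reveal s1 XOR s2."""
    return xor(xor(s1, pad), xor(s2, pad))


def demo():
    x, client_pub = dh_keypair()
    secret = secrets.token_bytes(HASH().digest_size)
    server_pub, wrapped = server_wrap(client_pub, secret)
    return wrapped != secret and client_unwrap(x, server_pub, wrapped) == secret
```

Because the pad is a single digest, there is no padding or repeating step: `xor` rejects any secret whose length differs from the digest size.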

