[Authentication] Clarification of algorithm: dh-ietf1024-aes128-cbc-pkcs7
Stef Walter
stefw at collabora.co.uk
Sat Dec 4 14:28:40 PST 2010
On 2010-11-27 14:49, Yaron Sheffer wrote:
> No matter how you do it, you'd want the hash algorithm to be part of the
> algorithm set for future algorithm agility, for example
> dh-ietf1024-*sha256*-aes128-cbc-pkcs7.
Makes sense.
> Also, HKDF is an operator (like HMAC), not an algorithm. In other words
> you can have HKDF-SHA1 or HKDF-SHA256.
Right.
I imagine using HKDG without salt is sufficiently strong in this
scenario. Is that right?
Cheers,
Stef
More information about the Authentication
mailing list