[Authentication] Clarification of algorithm: dh-ietf1024-aes128-cbc-pkcs7

Stef Walter stefw at collabora.co.uk
Tue Dec 7 15:14:03 PST 2010


On 2010-12-05 02:31, Yaron Sheffer wrote:
> According to the RFC, the salt is not absolutely essential, but is
> highly recommended. One way to get it is for one of the peers to
> generate it (just a few random bytes) and send it during the DH exchange
> - I haven't looked at the code so I don't know how difficult this might be.

It's possible, but since the DH public key values are already completely
random it seems to me that it would add no additional security. But
crypto is unintuitive, and that's why I was asking.

> Also note that the RFC mentions that the salt should be
> integrity-protected ("public nonces exchanged and authenticated"). I
> suppose that we are relying on the dbus infrastructure for source
> authenticity and for traffic integrity, so this is not an issue in our
> case.

Yes, I would tend to agree.

Cheers,

Stef
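An added example, not code from this thread or from the Secret Service implementation, showing the HKDF-SHA256 derivation (RFC 5869) the discussion turns on: the salt omitted, an explicit all-zero salt, and a peer-supplied salt, each applied to a constructed stand-in for the DH shared secret. The shared secret, the `info` value and the 16-byte output length are assumptions.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt, ikm):
    """RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM).

    A missing salt is replaced by HashLen zero bytes, as the RFC
    specifies, so "no salt" is still a well-defined derivation.
    """
    if salt is None:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 expand step: OKM = T(1) || T(2) || ... truncated to length."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key material too long")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def derive_aes128_key(shared_secret, salt=None, info=b""):
    """Derive a 16-byte AES-128 key from a DH shared secret via HKDF-SHA256."""
    return hkdf_expand(hkdf_extract(salt, shared_secret), info, 16)


# Constructed stand-in for the DH shared secret; a real exchange would
# produce a 1024-bit value from g^(ab) mod p.
SHARED_SECRET = bytes(range(128))


def compare_salt_choices(shared_secret=SHARED_SECRET):
    """Derive keys under the three salt options discussed in the thread.

    Returns (no_salt_key, zero_salt_key, peer_salt_key, peer_salt).
    The first two are identical by construction; the third differs, and
    would only match on the other side if the peer's salt were sent intact.
    """
    peer_salt = os.urandom(16)  # what a peer would generate and send
    return (derive_aes128_key(shared_secret, salt=None),
            derive_aes128_key(shared_secret, salt=b"\x00" * HASH_LEN),
            derive_aes128_key(shared_secret, salt=peer_salt),
            peer_salt)
```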

