Jouni, Actually, the descriptions in chapter 6 are incorrect, and need be fixed to reflect the changes in chapter 4.
The KDF in chapter 4 was changed to allow PSKs of variable length and entropy. Using the PSK to directly key the KDF to generate the MK has problems because most KDFs have fixed-length inputs for keys. Imagine someone who uses a 50-character passphrase (English text has around 2.5 bits of entropy per character, so that's roughly a 128-bit secure key). If we follow what's currently in chapter 6, we truncate that to 16 bytes, which would only be 40 bits of security. Not a good thing. -- t. charles clancy, ph.d. <> [EMAIL PROTECTED] <> www.cs.umd.edu/~clancy On Sat, October 21, 2006 1:43 pm, Jouni Malinen wrote: > On Wed, Oct 18, 2006 at 03:50:02PM -0400, [EMAIL PROTECTED] wrote: >> Title : EAP Generalized Pre-Shared Key (EAP-GPSK) >> Author(s) : C. Clancy, H. Tschofenig >> Filename : draft-ietf-emu-eap-gpsk-00.txt > > While updating my implementation to the new draft, I noticed couple of > conflicts in how the key derivation is defined. Chapter 4 uses > KDF_Zero-String(PL || PSK | ...) to derive MK whereas 6.1.8 and 6.2.8 > use GKDF-#(PSK, ...). I would assume that the version in 6.1.8 and 6.2.8 > is the correct one and chapter 4 should be updated to match with this. > > Another difference is in whether CSuite_Sel is to be included in the > GKDF data field. Chapter 4 seems to include it (just before > inputString), but 6.1.8 and 6.2.8 do not. Should it be there or not? > > > The new draft is trying to fix the GKDF-X n (number of output blocks) > calculation, but that seems to have a typo of some sort. > > Now: n = int( X / size - 1 ) + 1; > > That doesn't make any sense since -1 and +1 are are cancelling eachother > and we are left with n = int( X / size ). > > I would assume that this was supposed to be taken into account rounding > up (ceiling) by using n = int( (X + size - 1) / size ) which could be > written as n = int( (X - 1) / size ) + 1. > > -- > Jouni Malinen PGP id EFC895FA > > _______________________________________________ > Emu mailing list > [email protected] > https://www1.ietf.org/mailman/listinfo/emu > _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
