----- Original Message -----
From: "Johannes Merkle" <[email protected]>
To: "t.petch" <[email protected]>; "Warren Kumari" <[email protected]>
Cc: <[email protected]>; "Scott Bradner" <[email protected]>
Sent: Tuesday, February 17, 2015 1:53 PM

> Tom,
>
>>>> s9.2
>>>> is it the length of the key that gives it strength or its entropy?
>>>> Is abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd0004
>>>> really stronger than !qaurk/99SS~ ?
>>>
>>> Strictly speaking, you are right, but it is common sense that
>>> cryptographic keys should have maximum entropy, i.e., they
>>> should be selected uniformly at random from bit strings of that length.
>>> Consequently, virtually all cryptographic papers
>>> and text books use the key length synonymous to its entropy. Thus,
>>> I consider this distinction as unnecessary.
>>
>> Yes but, consider the audience. Cryptographic material is aimed at
>> cryptographers who know about entropy without being told, the audience
>> of this I-D is all sorts, including MIB module specialists whose
>> knowledge of cryptography is probably less than useless. So I think
>> 'length' is wrong, 'entropy' is probably too technical (especially if,
>> like me, Thermodynamics was part of your degree), RFC5310 uses 'size and
>> quality of the key' which is probably a good compromise.
>>
>
> This section is about the influences of the cryptographic parameters of HMAC on the security.
> The entropy or quality (I don't like that term) of the key is not a parameter, thus, it is not appropriate to mention it
> along the size. I suggest the following wording:
>
> The security of each HMAC-SHA-2 authentication protocol depends on the parameters
> used in the corresponding HMAC computation, which are the length of the key
> (if the key has maximum entropy), the size of the [...]

OK, Tom Petch

> Rationale: If the key's entropy is not maximal, the length does not necessarily influence the security.
> abcdabcdabcdabcdabcd is not necessarily more secure than abcdabcdabcdabcd. At least, the key length is not a primary
> parameter in this case. On the other hand, it is best cryptographic practice to choose keys uniformly at random, so that
> their entropy is maximal.
>
> --
> Johannes
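The length-versus-entropy point from this thread, as an added example that is not part of the original messages: a provisioning-time check that bounds the guessing effort for a key built by repeating a short unit, next to a key drawn uniformly at random. The function names, the 95-character printable alphabet and the 128-bit threshold are assumptions of this example.

```python
import hashlib
import hmac
import math
import secrets


def generate_key(n_bytes: int = 32) -> bytes:
    """Key chosen uniformly at random: entropy equals its length (8 * n_bytes bits)."""
    return secrets.token_bytes(n_bytes)


def smallest_period(key: bytes) -> int:
    """Shortest unit that, repeated at least twice, reproduces the whole key."""
    for p in range(1, len(key) // 2 + 1):
        if all(key[i] == key[i - p] for i in range(p, len(key))):
            return p
    return len(key)  # no repetition found


def guessing_bound_bits(key: bytes) -> float:
    """Upper bound on guessing effort for ONE construction: 'repeat a short unit'.

    Heuristic only: a low value shows the key is weak, a high value does not
    show that it is random.
    """
    unit_len = smallest_period(key)
    printable = all(0x20 <= b < 0x7F for b in key)
    alphabet = 95 if printable else 256  # printable ASCII vs. arbitrary bytes
    return unit_len * math.log2(alphabet)


def accept_key(key: bytes, min_bits: float = 128.0) -> bool:
    """Provisioning policy check; the threshold is an assumption of this example."""
    return guessing_bound_bits(key) >= min_bits


def hmac_sha256_tag(key: bytes, message: bytes) -> bytes:
    """HMAC accepts any key; it cannot tell a patterned key from a random one."""
    return hmac.new(key, message, hashlib.sha256).digest()


if __name__ == "__main__":
    msg = b"constructed sample message"
    for key in (b"abcd" * 4, b"abcd" * 5, generate_key(32)):
        print(len(key) * 8, "bits long;", round(guessing_bound_bits(key), 1),
              "bit bound; accepted:", accept_key(key),
              "; tag:", hmac_sha256_tag(key, msg).hex()[:16])
```

Both patterned keys from the thread get the same bound of about 26 bits regardless of their length, while the 32-byte random key reaches the full 256 bits.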
