I guess part of my problem is that the term "entropy" is being used here
in two different incompatible but related senses, sort of like "pounds
force" and "pounds mass". Entropy in the cryptographic sense is the
measure of the possible values an item may take on, and is measured in
bits. Entropy in the thermodynamic sense is the measure of the disorder
in a system.
Talking about "effective entropy" is a little bit like talking about
"effective pounds mass" under acceleration, which makes my teeth itch.
Clint (JOATMON) Chaplin
Wireless Security Advisor
Wireless Standards Lead
>>> Bernard Aboba <aboba@internaut.com> 8/31/04 21:34:35 >>>
Forwarded from Clint Chaplin...
---------- Forwarded message ----------
Date: Tue, 31 Aug 2004 19:47:20 -0700
From: Clint Chaplin <cchaplin@symbol.com>
To: aboba@internaut.com, radiusext@ops.ietf.org
Subject: Re: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt
Bernard: due to a snafu here at Symbol, the radiusext email list is
silently rejecting my posts to it; however, I can still receive the
emails from it. Could you please forward this to the list for me?
Thanks!
I still disagree with the use of the term "entropy" within this I-D.
As a simplistic way of looking at this, let's say that the input to this
algorithm can only take on two distinct values, and also the salt can
only take on two distinct values (these values may be expressed using
many bits, but that won't change the argument). Since the salt and the
input can only have two distinct values, the entropy of each is only 1,
and the two combined can only take on four distinct values, and thus
have an entropy of 2. Putting these four distinct values through the
amplification process will still only yield an output with four distinct
values (although these output values may also be expressed using many
bits). No matter how many times the algorithm is applied, the output
will still only have a max of four distinct values, and a max entropy of
2. Hashing never adds true entropy, and if a collision occurs, can
reduce entropy.
Yes, the term "effective entropy" can be used, but that just confuses
the issue, I feel. Plus, there are still places in the draft where
"effective entropy" should be used for consistency's sake, and it is not.
For instance, in the abstract, the phrase "A dictionary attack against
the resulting shared secret will be infeasible due to its high entropy."
should state "A dictionary attack against the resulting shared secret
will be infeasible due to its high effective entropy."
In the introduction, the phrase "A dictionary attack against the
resulting shared secret will be infeasible due to its high entropy."
should be "A dictionary attack against the resulting shared secret will
be infeasible due to its high effective entropy."
And so on.
Clint (JOATMON) Chaplin
Wireless Security Advisor
Wireless Standards Lead
>>> <Internet-Drafts@ietf.org> 8/27/04 12:42:15 >>>
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : RADIUS Shared Secret Security Amplification
Author(s) : P. Funk
Filename : draft-funk-radiusext-shared-secret-amp-01.txt
Pages : 10
Date : 2004-8-27
This draft describes how a mechanism defined in [PKCS-5] can be used
to amplify the security of a RADIUS shared secret; namely, that a
precursor secret is hashed many times to produce an amplified shared
secret for use in RADIUS.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-funk-radiusext-shared-secret-amp-01.txt
To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request@ietf.org with the word unsubscribe in the body of
the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.
Internet-Drafts are also available by anonymous FTP. Login with the
username "anonymous" and a password of your e-mail address. After
logging in, type "cd internet-drafts" and then
"get draft-funk-radiusext-shared-secret-amp-01.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-funk-radiusext-shared-secret-amp-01.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
________________________________________________________________________
This email has been scanned for computer viruses.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
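The counting argument in Clint's message, worked through as an added example that is not code from the draft or from anyone on the thread: the draft's PKCS#5 amplification step is stood in for by PBKDF2-HMAC-SHA256 (the iterated-hash mechanism PKCS#5 defines), and the two-valued precursor secret and two-valued salt are constructed inputs. However many iterations are applied, the 256-bit outputs still take on at most four distinct values.

```python
import hashlib
import itertools
import math

# Constructed toy inputs: a precursor secret that can take only two values
# and a salt that can take only two values. The byte strings themselves are
# arbitrary; only the number of distinct values matters for the argument.
PRECURSORS = [b"secret-A", b"secret-B"]
SALTS = [b"salt-1", b"salt-2"]


def amplify(precursor: bytes, salt: bytes, iterations: int) -> bytes:
    """Stand-in for the draft's amplification step: PBKDF2-HMAC-SHA256 from
    PKCS#5 v2, iterated `iterations` times. Output is 32 bytes (256 bits)."""
    return hashlib.pbkdf2_hmac("sha256", precursor, salt, iterations, dklen=32)


def entropy_bits(values) -> float:
    """Entropy in bits of a set of equally likely values: log2 of how many
    distinct values there are (the cryptographic sense used in the thread)."""
    return math.log2(len(set(values)))


def count_outputs(iterations: int):
    """Push every (precursor, salt) combination through the amplifier and
    return (distinct outputs, output length in bits, entropy in bits)."""
    outputs = [amplify(p, s, iterations)
               for p, s in itertools.product(PRECURSORS, SALTS)]
    return len(set(outputs)), len(outputs[0]) * 8, entropy_bits(outputs)


if __name__ == "__main__":
    print(f"precursor entropy: {entropy_bits(PRECURSORS):.1f} bits, "
          f"salt entropy: {entropy_bits(SALTS):.1f} bits")
    for n in (1, 1000, 100_000):
        distinct, bits, h = count_outputs(n)
        print(f"{n:>7} iterations: {distinct} distinct outputs, "
              f"each {bits} bits long, entropy {h:.1f} bits")
```

What the iterations do change is the cost of computing each of the four candidates, which is the work-factor notion the draft calls "effective entropy"; the number of candidates stays at four.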