[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt

To: "'Nelson, David'" <dnelson@enterasys.com>, "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>
Subject: AW: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt
From: "Lothar Reith" <lothar.reith@nortelnetworks.com>
Date: Thu, 2 Sep 2004 19:39:55 +0200

Title: AW: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt

David,

thanks for these references (shame on me for using the term cryptography without having read the cryptography bible of Bruce Schneier).

However, I meanwhile found some references that also use the term guessability in a way which I consider consistent to my proposal of replacing the term "effective entropy" by "guessability", including:

http://csrc.nist.gov/kba/Presentations/Day%202/Chokhani-KBA%20Metrics.pdf

http://www.ifp.uiuc.edu/~paradasa/talks/IMCrypto_ECE459Talk.pdf

and taken from: www.cnri.dit.ie/Downloads/guesswork_and_entropy.ps
"In all these cases entropy is being used to measure `guessability'. There are many possible criteria for specifying `guessability'. The one we consider here is the expected number of guesses required to get the correct answer. There are various strategies which can be used for guessing. Commonly know are brute force attacks where all symbols are guessed in no particular order, and dictionary attacks where symbols which are deemed more probable are guessed first. Well known software such as Crack [8] uses a dictionary attack.

The guessing strategy we consider is the optimal one, where symbols are guessed in decreasing order of probability. "

Also, there is an Internet Draft mentioning guessability in the context of email adresses:

http://www.ietf.org/internet-drafts/draft-pale-email-01.txt.

Best Regards, Lothar

-----Ursprüngliche Nachricht-----
Von: Nelson, David [mailto:dnelson@enterasys.com]
Gesendet: Donnerstag, 2. September 2004 17:58
An: Reith, Lothar [HAHN:NGD:EXCH]; radiusext@ops.ietf.org
Betreff: RE: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt

Note that it leaves the word entropy in one of it's cryptographic meaning (by the way I did not know of the cryptographic definition, only of the physical definition in the first place).

DBN: For those interested, the cryptographic definition of entropy is derived from Information Theory, specifically two papers by Shannon: C.E.Shannon: A mathematical theory of communications. Bell Systems Journal, 27:379-423, 623-656, 1948 and C.E. Shannon: Communications theory of secrecy systems. Bell Systems Journal, 28:656-715, 1949.

DBN: Cryptographic entropy is also discussed in most cryptography texts, e.g. B. Schneier: Applied Cryptography, 2nd Ed., 233-237, 1996.

Prev by Date: RE: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt
Next by Date: RADEXT WG Minutes for IETF60 Monday session
Previous by thread: AW: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt
Next by thread: review of draft-sterman
Index(es):
- Date
- Thread