What is the right way to make one symmetric key of two symmetric keys.
Can i use hash functions of the two keys to build one key or shall use
XOR. I can not enrypt the data with first the key1 and then that packer
with key2, as encrypt Key1[ Key2[data]]. Regards Ulf Reiman
"Ulf Reiman"
news:1140684455.612635.229240@z34g2000cwc.googlegroups.com
> What is the right way to make one symmetric key of two symmetric keys.
> Can i use hash functions of the two keys to build one key or shall use
> XOR. I can not enrypt the data with first the key1 and then that packer
> with key2, as encrypt Key1[ Key2[data]]. Regards Ulf Reiman
I'm not sure of what you're asking.
If what you talk about session keys, they're not derived from the
asymetrical ones.
You randomly make a session key of the size you want. Then you encrypt
this key with the public key of your partner, his the only one that
have the correspondig private key than can decript the message to get
the session key.
Though, your securely passed the session key to your contact.
--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
My question is:
One node has two symmetric keys (no public key), shared with other
node(s), a want to combine this two keys and make one new key. But a do
not know how to combine two keys in a safe way. This new key shall be
used in the network, and be changeably only by change one key that is a
combination of two keys.
Keys should be generated randomly. So what you propose is insecure.
Kind regards
Ludovic Joly
Ulf Reiman wrote:
> My question is:
> One node has two symmetric keys (no public key), shared with other
> node(s), a want to combine this two keys and make one new key. But a do
> not know how to combine two keys in a safe way. This new key shall be
> used in the network, and be changeably only by change one key that is a
> combination of two keys.
You don't describe a threat model. What is the attack that you're trying
to thwart with that combination of keys?
If both keys are assumed to remain secure, you can use any combination
operation. Security doesn't depend on it. You could even use either key
as it is.
If you need to prove that the parties have both keys, you have an
authentication problem, and that is quite another story.
-- Lassi
i give one example, one node has two symmetric keys ()K1, K2) shared
with another node; both nodes combine these keys to one key K3
(symmetric). Assume that K1 is exposed by an adversary in some way, I
want to send out a new key K4 to the nodes, and the new key K5 is a
combination of K2 and K4. But how do a combine K2 and K4, can I use XOR
or any hash function to combine two keys to one in a secure way?
For example, one node has two symmetric keys ()K1, K2) shared with
another node; both nodes combine these keys to one key K3 (symmetric).
Assume that K1 is exposed by an adversary in some way, I want to send
out a new key K4 to the nodes, and the new key K5 is a combination of
K2 and K4. But how do a combine K2 and K4, can I use XOR or any hash
function to combine two keys to one in a secure way?
Sounds like you want to achieve superencryption some way. If so just
google this term. It's well documented and you'll find lots of useful
and interesting resources.
Kind regards
Ludovic Joly
No, no superencryption, a wonder how do combine two symmetric keys to
one, assume two 128 bits key K1 and K2, is it safe to do K3=K2 (XOR)
K1, or is it more safe to do K3 =H(K1) + H(K2), if 2 hashes equals 128
bits. Another question is, assume that K1 is broken by some adversary,
is it them safe to do K3=K2 (XOR) K1, or does the broken K1 give to
mush information about K3. Is it then safer to do K3 =H (K1) + H (K2)?
If hashing is better can you give me a appropriate hash function.
Regards
Ulf Reiman
Ludovic Joly skrev:
> Sounds like you want to achieve superencryption some way. If so just
> google this term. It's well documented and you'll find lots of useful
> and interesting resources.
>
> Kind regards
> Ludovic Joly
I believe both methods make K3 as strong as the strength of K1 and the
strength of K2. If that's correct then I would xor because the keys can
have an length and you do not rely on the security of H.
Kind regards
Ludovic Joly
Ulf Reiman
> What is the right way to make one symmetric key of two symmetric keys.
Why do you want this?
Yours,
VB.
--
Wenn Du "Ich sehe die Mathematik als einzigen Bereich an, wo es klare
Beweise gibt." und "Ich fuehle mich in einem Anzug unwohl." als Aussagen
mit aequivalentem Meinungsinhalt betrachtest, hast Du mit Deinem Gleichnis
recht. (Michail Bachmann zu Thomas Wallutis in d.a.s.r)
Ulf Reiman
> One node has two symmetric keys (no public key), shared with other
> node(s), a want to combine this two keys and make one new key. But a do
> not know how to combine two keys in a safe way.
Why not using one of them for both as a PSK? You're searching for a PSK,
don't you?
> This new key shall be
> used in the network, and be changeably only by change one key that is a
> combination of two keys.
You're searching for non-symmetrical encryption, don't you?
Yours,
VB.
--
Wenn Du "Ich sehe die Mathematik als einzigen Bereich an, wo es klare
Beweise gibt." und "Ich fuehle mich in einem Anzug unwohl." als Aussagen
mit aequivalentem Meinungsinhalt betrachtest, hast Du mit Deinem Gleichnis
recht. (Michail Bachmann zu Thomas Wallutis in d.a.s.r)
Ulf Reiman
> i give one example, one node has two symmetric keys ()K1, K2) shared
> with another node; both nodes combine these keys to one key K3
> (symmetric). Assume that K1 is exposed by an adversary in some way, I
> want to send out a new key K4 to the nodes, and the new key K5 is a
> combination of K2 and K4. But how do a combine K2 and K4, can I use XOR
> or any hash function to combine two keys to one in a secure way?
This will not work. What you're really needing, is public key cryptography:
http://en.wikipedia.org/wiki/Public-key_cryptography
Yours,
VB.
--
Wenn Du "Ich sehe die Mathematik als einzigen Bereich an, wo es klare
Beweise gibt." und "Ich fuehle mich in einem Anzug unwohl." als Aussagen
mit aequivalentem Meinungsinhalt betrachtest, hast Du mit Deinem Gleichnis
recht. (Michail Bachmann zu Thomas Wallutis in d.a.s.r)
I can not use public key crypto, a will use encryption in low Cpu and
memory Devises,
why is not safe to hash/XOR K1 and K2 to a new key K3?
Regards
Ulf Reiman
Ulf Reiman
> why is not safe to hash/XOR K1 and K2 to a new key K3?
What do you want to achive with it?
Yours,
VB.
--
Wenn Du "Ich sehe die Mathematik als einzigen Bereich an, wo es klare
Beweise gibt." und "Ich fuehle mich in einem Anzug unwohl." als Aussagen
mit aequivalentem Meinungsinhalt betrachtest, hast Du mit Deinem Gleichnis
recht. (Michail Bachmann zu Thomas Wallutis in d.a.s.r)
In article <1140714976.665581.51290@z14g2000cwz.googlegroups.com>, "Ludovic
Joly"
>I believe both methods make K3 as strong as the strength of K1 and the
>strength of K2. If that's correct then I would xor because the keys can
>have an length and you do not rely on the security of H.
You have three possibilities with any operation on K1 and K2 to produce K3.
Let's call the operation "v":
K1 v K2 => K3
1. K3 is stronger than either K1 or K2.
2. K3 is the same strength as either K1 or K2.
3. K3 is weaker than either K1 or K2.
Concatenation of the two keys, to produce a longer key which you can use in an
algorithm that takes a longer key, is just about the best way to increase key
strength using this sort of scheme.
If you're using an encryption algorithm that requires that K1, K2 and K3 all
be the same length, you will find that you cannot tell whether your operation
produces answer 1, 2 or 3, except in one particular case. There is an
operation (actually, there are two symmetric operations) that will allow you
to guarantee that K3 is no weaker than K1, or that K3 is no weaker than K2.
The operation is "use one key, ignore the other".
There will always be keys where XORing them together produces a key with far
less randomness, so XOR is not reliable. Similarly for other operations,
there will always be a likelihood that you reduce the complexity.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
Alun Jones wrote:
> There will always be keys where XORing them together produces a key with far
> less randomness, so XOR is not reliable. Similarly for other operations,
> there will always be a likelihood that you reduce the complexity.
By "randomness" you probably mean entropy. It's true that you have no
guarantee that K3 has an acceptable level of entropy.
K3 = K1 v K2, in any case, regardless of entropy, is not random at all
- see my first post in this thread. The randomness is in K1 and in K2 -
but knowing them, K3 is entirely predictable.
It's like having random numbers and publishing them. Once published
they are no more random. They can be referred to as "that sequence that
was published the other day".
So if a summarise all answers it is possibly to use K3 = (truncate H[K1
|| K2] ) iff the randomness (man entropy) of K3 is equal to K1 and K2 ,
and to now that I need to run a some test of K3 for randomness. A
assume that the length of K1=K2=K3. Have a understand all answers
correctly?
/Ulf