iSCSI: IKE groups and DH-CHAP

> I proposed earlier that the ability to specify N and g should be
> deleted and replaced by an enumerated list of specific standardized
> groups, exactly as IKE does it. There has been no feedback on that
> except for Tom Wu's comment that g=2 is not an appropriate choice for
> SRP (unlike IKE). So that means the IKE groups are not directly
> useable because we would have to replace g=2 by g=<a generator> for
> SRP.

I also like the enumerated list of groups approach, for many of the reasons Paul and Jim have pointed out.

> I don't know if the objection to g=2 is applicable to DH-CHAP;
> unfortunately, that question goes well beyond my crypto skills but
> there are others on this list who do have the ability to answer that
> question.

I don't believe so, because DH-CHAP is only doing an unadorned unauthenticated DH exchange. I'm also not a crypto expert, but one possible cause for SRP's stronger requirement is that it's using significantly larger exponents than a DH exchange would. Perhaps Tom Wu can explain ...

Thanks,
--David
Last updated: Tue Apr 30 13:18:32 2002