| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
|
Howdy, I’ve uploaded 11-26/0656r1 to mentor and it has the text modifications to add salt to PTK key derivation. Again, the motivation for this comes from the HKDF RFC itself: “HKDF is defined to operate with and without random salt. This is done to accommodate applications where a salt value is not available. We stress, however, that the use of salt adds significantly to the strength of HKDF, ensuring independence between different uses of the hash function, supporting "source-independent" extraction, and strengthening the analytical results that back the HKDF design. “It is worth noting that, while not the typical case, some applications may even have a secret salt value available for use; in such a case, HKDF provides an even stronger security guarantee.” Currently, 0.1 does not use salt. The author of HKDF, a well-known and respected cryptography Hugo Krawczyk, says that using salt “adds significantly to the strength” of the key derivation function and furthermore when an application can
use a secret salt, it “provides an even stronger security guarantee.” We can generate a secret salt. It’s the unauthenticated MLKEMss and DHss that we generate during negotiation. The PMK is the key that is being stretched to produce the PTK. The unauthenticated secrets are our secret salt. There is absolutely
no downside to this and, as noted above, the benefits are considerable. Please take a look at the document on mentor. Any comments or concerns, please bring them up here. Regards, Dan. -- “the object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane.” – Marcus Aurelius To unsubscribe from the STDS-802-11-TGBT list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBT&A=1 |