
Re: deriving client and server key




Chris Newman wrote:

--On February 23, 2009 8:59:44 -0800 Love Hörnquist Åstrand <lha@xxxxxx> wrote:

Right now the client and server key difference is:

ClientKey = H(SaltedPassword)
ServerKey = HMAC(SaltedPassword, salt)

Why are they derived by two different methods? (Why not XKey =
HMAC(SaltedKey, "X key")?)

I just realized I hadn't mentioned publicly that I think this would be a good change.

Specifically:

ClientKey = HMAC(SaltedPassword, "Client Key")
ServerKey = HMAC(SaltedPassword, "Server Key")

I think this actually makes the algorithm description a bit easier to understand. What do others think?

I don't really care. I've already implemented the old way, but changing my implementation wouldn't be difficult.
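
The two derivations discussed in this thread, side by side, as an added example that is not part of the original messages or of any participant's implementation. It assumes SHA-1 for H and PBKDF2 for producing SaltedPassword (the thread shows neither), and the password, salt and iteration count are constructed sample values.

```python
import hashlib
import hmac

HASH = "sha1"  # assumption: the thread does not name the hash behind H/HMAC


def salted_password(password: bytes, salt: bytes, iterations: int) -> bytes:
    # Assumption: SaltedPassword is produced by an iterated HMAC (PBKDF2 here);
    # this step is not shown in the thread.
    return hashlib.pbkdf2_hmac(HASH, password, salt, iterations)


def keys_old(sp: bytes, salt: bytes) -> tuple[bytes, bytes]:
    """Derivation quoted as the current one: two different constructions."""
    client_key = hashlib.new(HASH, sp).digest()     # ClientKey = H(SaltedPassword)
    server_key = hmac.new(sp, salt, HASH).digest()  # ServerKey = HMAC(SaltedPassword, salt)
    return client_key, server_key


def keys_proposed(sp: bytes) -> tuple[bytes, bytes]:
    """Proposed derivation: one construction, separated only by a constant label."""
    client_key = hmac.new(sp, b"Client Key", HASH).digest()
    server_key = hmac.new(sp, b"Server Key", HASH).digest()
    return client_key, server_key


def compare(password=b"constructed-password", salt=b"constructed-salt",
            iterations=4096) -> dict:
    """Derive both key pairs from one SaltedPassword and report what changes."""
    sp = salted_password(password, salt, iterations)
    old, new = keys_old(sp, salt), keys_proposed(sp)
    return {
        "old": old,
        "new": new,
        # An implementation of the old way does not interoperate with the new one.
        "client_key_changed": not hmac.compare_digest(old[0], new[0]),
        "server_key_changed": not hmac.compare_digest(old[1], new[1]),
        # The labels alone keep the two proposed keys distinct.
        "proposed_keys_distinct": not hmac.compare_digest(new[0], new[1]),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        shown = [k.hex() for k in value] if isinstance(value, tuple) else value
        print(name, shown)
```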