密码学原理技术-第十四章-Key Management

Introduction
[The n2 Key Distribution Problem](#The n2 Key Distribution Problem)
[Key Derivation](#Key Derivation)
- [Key Freshness](#Key Freshness)
- [Key Derivation](#Key Derivation)
- [Password-Based Key Derivation](#Password-Based Key Derivation)
[Key Establishment Using Symmetric-Key Techniques](#Key Establishment Using Symmetric-Key Techniques)
- [Advantages and Insecurity of the toy protocol](#Advantages and Insecurity of the toy protocol)
- [Kerberos: Needham-Schroeder Protocol](#Kerberos: Needham-Schroeder Protocol)
[Key Establishment Using Asymmetric Techniques](#Key Establishment Using Asymmetric Techniques)
- [Man-in-the-Middle Attack](#Man-in-the-Middle Attack)
- [Distribution of Public keys](#Distribution of Public keys)
- - [Public announcement](#Public announcement)
  - [Publicly available directory](#Publicly available directory)
  - [Public-key authority](#Public-key authority)
  - [Public-key certificates 非常重要](#Public-key certificates 非常重要)
- Certificates
- - [Certificates in the Real World](#Certificates in the Real World)
- [Public-Key Infrastructure](#Public-Key Infrastructure)

Introduction

在理想的密钥协商（或者说密钥交换）协议中，没有任何单独的一方能够完全控制密钥的值：双方共同生成

非对称密钥建立协议生成的密钥很大，不适合做对称密钥

通过密钥派生函数生成密钥

HMAK生成的签名比较随机，所以看出伪随机函数

下面的Int(1)是用作填充用的，更全面的说应该是多个0||1

KDC已经和各个用户存了一个对称密钥

单点故障：攻击KDC就攻击所有了
重放攻击：拦截第一轮会话密钥分别加密后的ya和yb，然后当下一轮申请会话密钥时候，拦截将上一轮拦截的会话密钥发给各自，导致使用旧的会话密钥来通信
密钥确认攻击：oscar拦截篡改请求为alice和oscar的，然后KDC会生成会话密钥，将会话密钥一起发给alice，此时alice解密会话密钥得到自己的会话密钥，然后加密信息，并和另一个会话密钥一起发给bob，此时oscar中间拦截，解密得到会话密钥和消息，然后alice与bob使用会话密钥的通信都会被oscar拦截，从而使得alice以为在和bob通信，其实在和oscar通信