| Re: EAP-AKA Key derivation | <– Date –> <– Thread –> |
From: Thomas Otto (t.otto sharevolution.de)
|
|
| Date: Tue, 10 Jan 2006 03:49:01 -0800 (PST) | |
Hi all, Just for curiosity, I looked at implementations of the IKEv2 PRF and DSS-PRF. EAP-FAST uses the IKEv2 PRF. EAP-SIM and AKA uses the DSS-PRF. The opensource project wpa_supplicant has implemented these KDFs. My feeling has been that the DSS-PRF is not as efficient ... however, at least for the particular implementation of wpa_supplicant, this is NOT true. The bottom-line (for the urgent reader): ==> The DSS-PRF is about 7-8x faster (regardless if 140 or 512 byte output). For the interested reader: The machine tested is an Amilo notebook, 1024 MB RAM, 1.7 GHz Intel Pentium M. --------------------------- parameters: 140 outputsize / byte iterations: 100000 Testing EAP-SIM PRF ... 100000 iterations: 1.783396 seconds Testing EAP-FAST PRF ... 100000 iterations: 12.632675 seconds The ratio IKEv2-KDF / DSS-KDF = 7.083494 ------------------- parameters: 512 outputsize / byte iterations: 100000 Testing EAP-SIM PRF ... 100000 iterations: 5.855131 seconds Testing EAP-FAST PRF ... 100000 iterations: 47.793291 seconds The ratio IKEv2-KDF / DSS-KDF = 8.162634------- The source file is available here: http://www.tu-bs.de/~y0013790/prftest.c This file must be copied into the wpa_supplicant directory, it can be compiled with $ gcc -MMD -O2 -Wall -g -I. -I../utils -I../hostapd prftest.c sha1.c md5.c common.c -o prftest.o
- Re: EAP-AKA Key derivation, (continued)
- Re: EAP-AKA Key derivation Thomas Otto, January 9 2006
-
Re: EAP-AKA Key derivation Bernard Aboba, January 9 2006
- Re: EAP-AKA Key derivation Thomas Otto, January 9 2006
-
RE: EAP-AKA Key derivation Salowey, Joe, January 9 2006
- Re: EAP-AKA Key derivation Thomas Otto, January 10 2006
Results generated by Tiger Technologies using MHonArc.