Score:1

What if the other user generate the Session Key rather than KDC for Key Establishment

cn flag

I m studying for the Key Establishment Using a Key Distribution Center From my understanding, KDC contains all the users' private keys. For example, If Alice wants to talk with Bob, Alice requests to the KDC by using Request(IDAlice,IDBob) and KDC generates the random session key and encrypts the session key with Alice's Key and Bob's key. Alice receives the encryptwithAliceKey(SessionKey),encryptwithBobKey(SessionKey), decrypts the Alice key to get the session key and use the session key to encrypt the message and send it to Bob encyptwithSessionKey(Message), encryptwithBobKey(SessionKey).

But my question is What if Alice generates the Session key and encrypts it with her Key and sends the request(Encrypt(SessionKey), ID(Alice), and KDC decrypts the SessionKey by using Alice's key and encrypts the session key with the Bob's Key and sends it to Alice back, Alice encrypts the message with her generated session key and send the Bob to the encrypted message and encrypted session key with Bob's key from the KDC

I know the question might not be clear enough so if I make shorter questions what's is the benefit of the session key generated by KDC, not from the Users?

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.