Score:1

Developing a Simmetric Key Distribution protocol to use with rfc6238

lv flag

I'm trying to develop a Key Distribution Protocol to share symmetric keys in RFC 6238 (OTP). I started with RFC 6063, but this protocol is developed over old and known insecure algorithms like PBKDF and do not take advantage of more advanced hardware like smartphones (the device I will use to produce OTPs)

The main idea is to use entropy from both server and client to generate the KEY_TOKEN. My question. Is it a good idea to use Curve25519 to share a master key between client and server, to derive a key with HKDF to use ash K_TOKEN of RFC 6238 HMAC-SHA256 hash algorithm? I'm not a specialist, and I can't see that the resulting key is not secure in this scenario.

PS(I Will use different algorithms to store the key in both server and client, I need to understand the risks of using this key exchange flow) Thanks

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.