Session Key Questions

Kevin Hilton kevhilton at
Tue Oct 21 18:04:21 CEST 2008

>RFC-4880, section

>   If the hash size is less than the key size, multiple instances of
>   the hash context are created -- enough to produce the required key
>   data.  These instances are preloaded with 0, 1, 2, ... octets of
>   zeros (that is to say, the first instance has no preloading, the
>   second gets preloaded with 1 octet of zero, the third is preloaded
>   with two octets of zeros, and so forth).

>In other words, there are multiple hash contexts run, each responsible
>for a different part of of the key (0-159 & 159-255 in your SHA1 and
>AES256 example).

Sorry about my last reply, went I sent my question, David had not
responded as of yet.

Ok, so just to clarify, say I have a 160bit hash product (produced
from a salted password) Using the SHA1 hash.  In my theoretical
example, AES256 requires a 256 bit key. To construct this key

#1 0-159 = the salted hashed password (with 0 octects added)
#2 159-255 = the leftmost 80 bits of the salted preloaded password
with 1 octet zeros and then hased.

To produce the full 256 bits, the results of operation 1 and operation
2 are combined -- meaning result #1 is shifted 80 bits and then #2 is
added to #1?

Randomly generated session keys -- once produced are these salted and
hashed similiar to passwords?  Or is the generated session key the
required length for the chosen cipher?

When passwords are salted -- how long is the salt?  Is this appended
or prepended to the chosen password?

Kevin Hilton

More information about the Gnupg-users mailing list