-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, when generating a key for SRTP the following is done in transport_srtp.c: - --- for (i=0; i<crypto_suites[cs_idx].cipher_key_len && key_ok; ++i) if (key[i] == 0) key_ok = PJ_FALSE; - --- Any key containing a byte with the value 0 will be rejected and another key will be generated instead. The key size is 128 bits (plus a 112 bit salt value). So the key is 16 bytes long, giving one of 256^16 possible values. But since the value 0 isn't allowed the possible values are reduced to 255^16. Thus the key is weakened. Is there a good reason for weakening the SRTP key? Cheers, Dan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUtm3QAAoJEOvuRbFerTDlKRgH/RAJQIzohPsnThy3cViwhaeh Fm2/dvIMD2zXo9EKBcriN5XSEgY+wIb1NR3exSUQTA4LZfI9Ns+3GNNt7yQAolsC 0KugHRhQxLmgzKhyRK8rL8m0ulBE+KniTClk2xWus1B7GluOBZBhhlN6XOtK2Y4t kpau3tgqWPmO5vCUq3li+ovalJ0KQ5MByNVs/h+90iT9OJIumwoHTK5/3ByDeAAj matC3loDM+P3kelGvpMkuQYg3G6hByOlfzxkVmT8UPuY85m3aW/sYOH9SfOhb01M cMKcrpSQ/qHwpQXTUWq+TPZyRpcpz7mjH+aFfXvZ+nXaG0CJKsmR2UUm8m4AKuY= =gfKH -----END PGP SIGNATURE-----
