Re: [babel] Babel-MAC: Blake2s is 128-bits by default
David Schinazi <dschinazi.ietf@gmail.com> Sat, 07 November 2020 00:14 UTC
Return-Path: <dschinazi.ietf@gmail.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 191963A0420 for <babel@ietfa.amsl.com>; Fri, 6 Nov 2020 16:14:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nKy8SNK4sgBT for <babel@ietfa.amsl.com>; Fri, 6 Nov 2020 16:14:51 -0800 (PST)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19EC53A0418 for <babel@ietf.org>; Fri, 6 Nov 2020 16:14:51 -0800 (PST)
Received: by mail-lj1-x230.google.com with SMTP id p15so3299486ljj.8 for <babel@ietf.org>; Fri, 06 Nov 2020 16:14:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=i+ciIg7eVnFimwhJtxzMgY9DDM5bW2vnr1tqRlrCtko=; b=uFVtIVWo7XdmdNI8IpwKfDBOS4tiO1WHhlY5mzSuWqezcK56etBwmNZyAbSzETnCO2 LbPpBs0jx3/7sUImmg2O8HXgGAtxqTJky1e0gqfW4bLvjIFVncMx8ynMPJCkHcwyIwUP /Tx+ONxckbxTm250D2cAXl7rUQIp1P5knH31KPfKbcSXZkaaEh/CSaULsRECp8S1oceO 1spkrZx7GyrWm7tygcncSvhh+5gCHRq4PILt+qd4q9CojEKpw/hb8B2dnQfy7tumoo91 axElDBSOHBHCpZkROuvR86k+Mf9CgNX6/hijaEYAJfKm0v1+42glegGMzcBeKGgPHQCS /Mgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=i+ciIg7eVnFimwhJtxzMgY9DDM5bW2vnr1tqRlrCtko=; b=KyQ81+bWL8tF4czRywMOuQAJ7pDRtjU4PneUrTfYRDgkLD82v/iYN5hymaiA1dH9tv 7EPJjQzK3r20k5KEViXAyYqAcwNGv+n9g/Stifi5xbzNOXAmXKs/0lFZvjVLbWoZjOVv INgdev7r0rI5JePsA6lDYe0mbHjBrPn+OaZ3DmEYtBP1QCoyCcEZlxUio6apGsLzcCwY rgjhjJICsXnzSWWfhB620o2CwFU09v8JINwB934naqw0OooNbCCJyA+XCBOl9s6PtKss n6zgLIisORbM9a4YZqW2KO0A/A5roEumjjEPTJOURYieMZAu5pBVaDtyw3UP8Rusf6qE g0Mw==
X-Gm-Message-State: AOAM531zmAV23lC9GNmvVUuTmgf+Edad5wXqbBTXL4h6bJaVAN1DK90g wa8SKw4YJh3IEuuzT4tKYudZcKDgEyrl2SQeNZg=
X-Google-Smtp-Source: ABdhPJzJ7niu1p096eYhxLl1FAwRsy2ABN2Z9CLJyeHKP/NM+rgD/gWEmzURPj8bHtkknKjFx7EWhKeznPkRyTQv6SE=
X-Received: by 2002:a2e:9188:: with SMTP id f8mr1694558ljg.333.1604708089075; Fri, 06 Nov 2020 16:14:49 -0800 (PST)
MIME-Version: 1.0
References: <87h7q2f6a2.fsf@toke.dk> <C6WJTKSPAQRR.2P5VECMV63MAQ@kobain>
In-Reply-To: <C6WJTKSPAQRR.2P5VECMV63MAQ@kobain>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 06 Nov 2020 16:14:38 -0800
Message-ID: <CAPDSy+77iiHcMY5m8e_xYw6a3vrj-JAyHpGk1dqWQOdQWNwpUA@mail.gmail.com>
To: Antonin Décimo <antonin.decimo@gmail.com>
Cc: Toke Høiland-Jørgensen <toke=40toke.dk@dmarc.ietf.org>, Juliusz Chroboczek <jch@irif.fr>, Babel at IETF <babel@ietf.org>, Donald Eastlake <d3e3e3@gmail.com>, Valery Smyslov <valery@smyslov.net>, Barbara Stark <bs7652@att.com>
Content-Type: multipart/alternative; boundary="0000000000009e1a5305b3793790"
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/_mClPHMbB6oW7socFPuo0-obbzg>
Subject: Re: [babel] Babel-MAC: Blake2s is 128-bits by default
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Nov 2020 00:14:53 -0000
Random thought: the draft mentions that the MAC algorithm is configured alongside the key for it. Perhaps we should add an explicit sentence such as "For MAC algorithms that support multiple digest sizes (such as BLAKE2s), the digest size needs to be communicated alongside the MAC algorithm.". I agree that the "SHOULD implement BLAKE2s" should mention a key length, but I have no preference between: - SHOULD implement BLAKE2s with 16-octet hashes - SHOULD implement BLAKE2s with 32-octet hashes - SHOULD implement BLAKE2s with both 16 and 32-octet hashes David On Fri, Nov 6, 2020 at 3:09 PM Antonin Décimo <antonin.decimo@gmail.com> wrote: > > > As Valery Smyslov noted, BLAKE2s is able to produce hashes of any size > > > between 1 and 32 octets (8 and 256 bits). However, both > implementations > > > of Babel-MAC only ever produce 16-octet BLAKE2s hashes. > > > > Okay, something seemed off about this when I read it just now, so I just > > double checked: And in fact both implementations use 32-byte Blake2s > > digest sizes... > > That also seemed off to me. To be fair regarding babeld, the "old" > hmac branch used 16-bytes blake2s, and my rewrite uses 32-bytes. We’re > using the reference blake2s implementation, and I changed 16 to the > provided BLAKE2S_OUTBYTES = 32 constant. > > > I still support making the change and specifying the size, but to > > correspond to current implementation practice the change would need to > > be "with 256-bit (32 octet) hashes". > > Me too. I an exchange earlier this year, Donald and Juliusz explained > to me that the size of the output hash is considered part of the > hashing algorithm, so yes, I support making that explicit for blake2s. > > > -- Antonin > > _______________________________________________ > babel mailing list > babel@ietf.org > https://www.ietf.org/mailman/listinfo/babel >
- [babel] Babel-MAC: Blake2s is 128-bits by default Juliusz Chroboczek
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… David Schinazi
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Antonin Décimo
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… David Schinazi
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Gabriel Kerneis
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Valery Smyslov
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Antonin Décimo
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… STARK, BARBARA H
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
- Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek