Re: [babel] Babel-MAC: Blake2s is 128-bits by default

"STARK, BARBARA H" <bs7652@att.com> Mon, 30 November 2020 21:10 UTC

From: "STARK, BARBARA H" <bs7652@att.com>
To: 'Toke Høiland-Jørgensen' <toke=40toke.dk@dmarc.ietf.org>, 'Juliusz Chroboczek' <jch@irif.fr>
CC: 'Valery Smyslov' <valery@smyslov.net>, "'babel@ietf.org'" <babel@ietf.org>
Thread-Topic: [babel] Babel-MAC: Blake2s is 128-bits by default
Thread-Index: AQHWtIynqOW2ZrjKv0unDQSqMiR04Km7taWAgA3SHACAAU5LgIACOMyAgAC7PICAB9srAIADoxOAgAELyICABvr/QA==
Date: Mon, 30 Nov 2020 21:10:27 +0000
Message-ID: <SN6PR02MB4512897B1B29744C68D02A46C3F50@SN6PR02MB4512.namprd02.prod.outlook.com>
References: <87d00qungk.wl-jch@irif.fr> <87h7q2f6a2.fsf@toke.dk> <87o8jya4jz.wl-jch@irif.fr> <87wnyl4dgi.fsf@toke.dk> <878sazh7ge.wl-jch@irif.fr> <87o8jvylta.fsf@toke.dk> <87o8jomjfb.fsf@toke.dk> <87360xz3yk.wl-jch@irif.fr> <87ft4wl8h6.fsf@toke.dk>
In-Reply-To: <87ft4wl8h6.fsf@toke.dk>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: ed0d676e-ef3c-41cb-4249-08d895745c63
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2020 21:10:27.0539 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EffW15/5g/IhgpljiVwi2fo+1cd1KzfZlYiG0ZMBYGn6qKOViZOeYpzRzh4yu91Z
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR02MB3872
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: BC61128B1C9AEE6EE876B8B0D1C4AB80D085159FC657C339FE4CC496F25689222
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-30_11:2020-11-30, 2020-11-30 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 lowpriorityscore=0 impostorscore=0 phishscore=0 priorityscore=1501 suspectscore=0 adultscore=0 bulkscore=0 mlxlogscore=270 clxscore=1015 malwarescore=0 mlxscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011300134
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/wax09oIrJTadGfOWAYgCHoTqhkc>
Subject: Re: [babel] Babel-MAC: Blake2s is 128-bits by default
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2020 21:10:56 -0000

Just to confirm (because assuming is bad)...

> >> This does raise one question, though (as I just found out while
> >> implementing the option for a 128-bit version): How does this impact the
> >> recommendations for key size?
> >
> > I suggest that they remain the same (SHOULD be 32 bytes).
> >
> > The digest size impacts the overhead carried by every packet.  Not so the
> > key size: increasing the key size is essentially free.  As a matter of
> > fact, Blake2s will pad the key with zeroes before it is used.
> >
> > Thus:
> >
> >   - allowing shorter keys gains no generality (the user may achieve the
> >     same result by padding with zeroes before passing the key to Blake2s);
> >
> >   - disallowing shorter keys causes confusion (by using a value different
> >     from both HMAC-SHA-256 and the Blake2s maximum), and has no
> measurable
> >     benefits.
> >
> > I do not believe that it impacts the security in any way (2^128 ns is
> > roughly 10^12 times the age of the universe), but I could be wrong.
> 
> Yeah, makes sense, let's keep it at 32 bytes :)

... this means that other than changing "BLAKE2s" to "BLAKE2s-128" (consistent
with the list of "possible values" change), no other change is needed to the text 
in info model re BLAKE2s key length:

      If the algorithm is "BLAKE2s-128",
      the length MUST be between 0 and 32 bytes inclusive, as described
      in [RFC7693].

Barbara

[babel] Babel-MAC: Blake2s is 128-bits by default Juliusz Chroboczek
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… David Schinazi
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Antonin Décimo
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… David Schinazi
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Gabriel Kerneis
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Valery Smyslov
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Antonin Décimo
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Donald Eastlake
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… STARK, BARBARA H
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Toke Høiland-Jørgensen
Re: [babel] Babel-MAC: Blake2s is 128-bits by def… Juliusz Chroboczek