Re: [babel] Some open HMAC issues
Toke Høiland-Jørgensen <toke@toke.dk> Mon, 02 July 2018 19:35 UTC
Return-Path: <toke@toke.dk>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8434130DFD for <babel@ietfa.amsl.com>; Mon, 2 Jul 2018 12:35:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 58bZVhs49XK3 for <babel@ietfa.amsl.com>; Mon, 2 Jul 2018 12:35:49 -0700 (PDT)
Received: from mail.toke.dk (mail.toke.dk [IPv6:2001:470:dc45:1000::1]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E70C13129A for <babel@ietf.org>; Mon, 2 Jul 2018 12:35:47 -0700 (PDT)
From: Toke Høiland-Jørgensen <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1530560145; bh=SuKy+kd9r/Ta67QAUVmjjhNqdQjGTQjVZKNyjhL30qA=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=nAv1kkHxZzyKJVAErH3uo3WxWHSaiUU60hrc118prEJIE7npQ8X4zgloQnxJvZuWf SDBSHU84ANolmtrZkI35K0Eg3ScoFCUZvcIfCGqsFOv5ZrmQiTYO+UDc373iP1UBRh JCPX+DsS/Zrjykoabp+SjpHefrDvl7mhoIvXv3SmWVKGJxh6+v7OSAB6NeZe6fdSoG CKcgSiyfZn8x2UxbR62p/C6GDyIJS2GA5NMerEKKnAsLG4GT3dmJ0DjrraoQ8Ys4Jh +rCVhWwdxP9pyFC+PN5dn/koaDmAK+6QiGm/RIVY08tegWbCEhBkBA+Z/Sl7c9ybjr eNW6PqKlC/+sw==
To: David Schinazi <dschinazi@apple.com>
Cc: Juliusz Chroboczek <jch@irif.fr>, Weronika Kołodziejak <weronika.kolodziejak@gmail.com>, Clara Dô <clarado_perso@yahoo.fr>, babel@ietf.org
In-Reply-To: <0567A2E4-60F1-414E-BEC5-CB439AA07C22@apple.com>
References: <87sh545st3.wl-jch@irif.fr> <411E2C9F-A910-4899-8DD7-92C0C85EBC54@apple.com> <87sh523xy8.wl-jch@irif.fr> <7E5E0D4C-0049-47D1-ACFA-31EA0F843237@apple.com> <87d0w5ingo.fsf@toke.dk> <375EE128-E5F3-487C-9A9E-89A8C976489F@apple.com> <87a7r9imhy.fsf@toke.dk> <0567A2E4-60F1-414E-BEC5-CB439AA07C22@apple.com>
Date: Mon, 02 Jul 2018 21:35:55 +0200
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <87woudh1lw.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/xEb1rOeaQLd5tvbXjIYMA_DNwno>
Subject: Re: [babel] Some open HMAC issues
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2018 19:36:01 -0000
David Schinazi <dschinazi@apple.com> writes: >> On Jul 2, 2018, at 10:19, Toke Høiland-Jørgensen <toke@toke.dk> wrote: >> >> Hmm, I'm not sure that I am convinced that it is worth the tradeoff to >> add the key ID. But assuming it is: Is there any reason why this ID >> needs to be user configured? We could just define it as a 16-bit >> truncated hash of the key itself, or something like that? > > I like this idea, but we'd have to be careful to not open up offline > attacks this way. Yeah, it should be purely an optimisation, and all security properties should be derived from the full HMAC. And we should be able to handle duplicate keyIDs due to collisions. So as long as it is implemented as: if (keyid != hash16bit(key_bytes)) { skip HMAC tlv } and not if (keyid == hash16bit(key_bytes) && !is_valid(hmac)) { reject packet } we should be fine, I think... -Toke
- Re: [babel] Some open HMAC issues Markus Stenberg
- [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Dave Taht
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues David Schinazi
- [babel] Packet trailer [was: Some open HMAC issue… Juliusz Chroboczek
- Re: [babel] Packet trailer [was: Some open HMAC i… David Schinazi
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen
- Re: [babel] Packet trailer [was: Some open HMAC i… Toke Høiland-Jørgensen
- Re: [babel] Some open HMAC issues Juliusz Chroboczek
- Re: [babel] Some open HMAC issues Toke Høiland-Jørgensen