Re: [Cfrg] erratum for hmac what do we think...

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Thu, 02 February 2017 14:20 UTC

From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "cfrg@irtf.org" <Cfrg@irtf.org>
Date: Thu, 02 Feb 2017 14:20:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/5JChFxNZKf0WC2le75alSClzcIM>

Kenny just made a great point that HMAC is not a PRF: it is trivial to find 2 keys which produce the same HMAC output.


Quynh.


________________________________
From: Cfrg <cfrg-bounces@irtf.org> on behalf of Paterson, Kenny <Kenny.Paterson@rhul.ac.uk>
Sent: Thursday, February 2, 2017 9:07 AM
To: Stephen Farrell; cfrg@irtf.org
Subject: Re: [Cfrg] erratum for hmac what do we think...

Dear CFRG,

It'd be great if some HMAC experts could take a look at this proposed
erratum and give a view on it.

I looked quickly myself. It's an undesirable property, but I don't think
it's disastrous (yes, I could invent scenarios where one could come
unstuck because of it). It reminds me somewhat of the well-known, and
again somewhat unfortunate, fact that HMAC keys of different lengths can
end up being padded to form colliding keys.

Cheers,

Kenny

On 02/02/2017 02:24, "Cfrg on behalf of Stephen Farrell"
<cfrg-bounces@irtf.org on behalf of stephen.farrell@cs.tcd.ie> wrote:

>
>Hiya,
>
>There's an erratum posted for hmac [1] where I'd be
>interested in what folks here think.
>
>I'm unsure if this is a real problem, esp given that
>there are I guess a lot of implementations.
>
>And even if it were a real problem, I'm not sure we'd
>want that fix.
>
>Opinions welcome...
>
>Thanks,
>S.
>
>[1]
>https://www.rfc-editor.org/errata_search.php?rfc=2104&eid=4809&rec_status=15&area_acronym=&errata_type=&wg_acronym=&submitter_name=&stream_name=&submit_date=&presentation=records
>

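Added example, not part of any message in this thread: the key-padding behaviour mentioned above, shown with Python's standard `hmac` module and HMAC-SHA256. It goes slightly beyond the zero-padding case by also covering RFC 2104's hashing of keys longer than the block size; the helper names, keys and message are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = hashlib.sha256().block_size  # 64 bytes for SHA-256


def effective_key(key: bytes) -> bytes:
    """Key block HMAC-SHA256 uses after RFC 2104 key processing."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()  # over-long keys are hashed first
    return key.ljust(BLOCK_SIZE, b"\x00")   # shorter keys are zero-padded


def tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 tag computed by the standard library."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def keys_equivalent(k1: bytes, k2: bytes) -> bool:
    """True if k1 and k2 produce identical tags on every message."""
    return hmac.compare_digest(effective_key(k1), effective_key(k2))


def require_fixed_length(key: bytes, length: int = 32) -> bytes:
    """Defensive check (hypothetical helper): accept one agreed key length.

    With every key exactly `length` bytes and length <= BLOCK_SIZE,
    zero-padding is injective, so distinct keys stay distinct.
    """
    if len(key) != length:
        raise ValueError(f"HMAC key must be exactly {length} bytes")
    return key


# Constructed sample values, not taken from the thread or the erratum.
MSG = b"constructed sample message"
SHORT = b"constructed-key"
PADDED = SHORT + b"\x00"               # same key with one trailing zero byte
LONG = b"L" * 100                      # longer than the 64-byte block
HASHED = hashlib.sha256(LONG).digest() # its SHA-256 digest, used as a key

if __name__ == "__main__":
    print(tag(SHORT, MSG) == tag(PADDED, MSG))  # zero-padding equivalence
    print(tag(LONG, MSG) == tag(HASHED, MSG))   # long-key hashing equivalence
```

A protocol that treats the raw key bytes as an identifier, or accepts variable-length keys from another party, should normalise or length-check them first, as `require_fixed_length` does.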