Re: [Cfrg] WG last call on latest OCB draft.
David Jacobson <dmjacobson@sbcglobal.net> Wed, 12 June 2013 16:47 UTC
Message-ID: <51B8A5FF.5020401@sbcglobal.net>
Date: Wed, 12 Jun 2013 09:46:55 -0700
From: David Jacobson <dmjacobson@sbcglobal.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Ted Krovetz <ted@krovetz.net>
References: <alpine.WNT.2.00.1306031235280.6196@RogawaySamsung9> <810C31990B57ED40B2062BA10D43FBF518BD79@XMB111CNC.rim.net> <20130604190104.GA29597@randombit.net> <3C4AAD4B5304AB44A6BA85173B4675CAB24340B0@MSMR-GH1-UEA03.corp.nsa.gov> <73E378E8-AD59-4556-88A4-BB16E0DA779E@krovetz.net>
In-Reply-To: <73E378E8-AD59-4556-88A4-BB16E0DA779E@krovetz.net>
Cc: Phillip Rogaway <rogaway@cs.ucdavis.edu>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] WG last call on latest OCB draft.
On 6/12/13 7:08 AM, Ted Krovetz wrote:
> Thanks Kevin for pushing OCB along.
>
>> 2) OCB is too widespread to make such a substantive change at this late date.
>
> Actually, Phil and I have decided to make the change. We agree that it is a good idea, and since we figured out how to do it without affecting existing users of 128-bit tags, we think it's worth the break.
>
> A draft that makes the change will be posted later today or tomorrow. It will not need much changing over -02, so hopefully it won't take much further review.
>
> -Ted

[snip]

And just an only semi-relevant little point: The key derivation functions in SP 800-108 all include the number of output bits in the computation. So if you use exactly the same key, label, and context, and generate a 128-bit key and a 256-bit key, the two keys are completely different. They could have not done that and instead made the argument that people should know better than to... . I think that mixing the output length into the computation of both KDFs and authentication tags is good.

--David
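The SP 800-108 behaviour David describes, as an added example that is not code from the thread, from the OCB draft authors, or from NIST: the counter-mode KDF with HMAC-SHA256 as the PRF, with the requested output length L mixed into every PRF call, beside a variant that omits L so the difference is visible. Assumptions not in the message: the counter and L are encoded as 32-bit big-endian integers (the standard leaves the widths as parameters), the sample key, label and context are constructed, and `length_bound_tag` is a generic HMAC illustration of the same principle applied to a truncated tag, not OCB's tag computation.

```python
import hashlib
import hmac

# Constructed sample inputs (not from the thread); any values work.
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SAMPLE_LABEL = b"example-label"
SAMPLE_CONTEXT = b"party-A|party-B|session-42"


def kdf_ctr_hmac_sha256(key_in: bytes, label: bytes, context: bytes,
                        out_bits: int, *, bind_length: bool = True) -> bytes:
    """SP 800-108 KDF in counter mode with HMAC-SHA256 as the PRF.

    K(i) = PRF(K_IN, [i]_2 || Label || 0x00 || Context || [L]_2), i = 1..n,
    where L is the requested output length in bits.  Assumption: i and L
    are both encoded as 32-bit big-endian integers.  bind_length=False
    drops [L]_2; it exists only to show what goes wrong without it and is
    not what SP 800-108 specifies.
    """
    if out_bits <= 0 or out_bits % 8:
        raise ValueError("out_bits must be a positive multiple of 8")
    out_len = out_bits // 8
    h_len = hashlib.sha256().digest_size
    n = -(-out_len // h_len)          # ceil(L / h): number of PRF calls
    if n >= 2 ** 32:
        raise ValueError("requested length exceeds the 32-bit counter")
    blocks = []
    for i in range(1, n + 1):
        data = i.to_bytes(4, "big") + label + b"\x00" + context
        if bind_length:
            data += out_bits.to_bytes(4, "big")
        blocks.append(hmac.new(key_in, data, hashlib.sha256).digest())
    return b"".join(blocks)[:out_len]


def length_bound_tag(key: bytes, msg: bytes, tag_bits: int) -> bytes:
    """The same idea applied to a MAC: feed the tag length into the PRF
    before truncating, so a 64-bit tag is not a prefix of the 128-bit tag.
    Generic HMAC illustration (assumption), not OCB's tag computation."""
    if tag_bits <= 0 or tag_bits % 8 or tag_bits > 256:
        raise ValueError("tag_bits must be a multiple of 8, at most 256")
    full = hmac.new(key, msg + tag_bits.to_bytes(4, "big"),
                    hashlib.sha256).digest()
    return full[: tag_bits // 8]


def truncated_tag(key: bytes, msg: bytes, tag_bits: int) -> bytes:
    """Naive truncation without length binding: tags of every length
    are prefixes of one another."""
    if tag_bits <= 0 or tag_bits % 8 or tag_bits > 256:
        raise ValueError("tag_bits must be a multiple of 8, at most 256")
    return hmac.new(key, msg, hashlib.sha256).digest()[: tag_bits // 8]


def prefix_related(short: bytes, long: bytes) -> bool:
    """True when the shorter output is a prefix of the longer one."""
    return long.startswith(short)


if __name__ == "__main__":
    k128 = kdf_ctr_hmac_sha256(SAMPLE_KEY, SAMPLE_LABEL, SAMPLE_CONTEXT, 128)
    k256 = kdf_ctr_hmac_sha256(SAMPLE_KEY, SAMPLE_LABEL, SAMPLE_CONTEXT, 256)
    print("L bound:   128-bit key is a prefix of the 256-bit key?",
          prefix_related(k128, k256))
    u128 = kdf_ctr_hmac_sha256(SAMPLE_KEY, SAMPLE_LABEL, SAMPLE_CONTEXT, 128,
                               bind_length=False)
    u256 = kdf_ctr_hmac_sha256(SAMPLE_KEY, SAMPLE_LABEL, SAMPLE_CONTEXT, 256,
                               bind_length=False)
    print("L unbound: 128-bit key is a prefix of the 256-bit key?",
          prefix_related(u128, u256))
```

With L bound into the PRF input, the 128-bit and 256-bit derivations use different inputs in every block, so the short key is unrelated to the long one; with L left out, the first block is identical and the 128-bit key is exactly the first 16 bytes of the 256-bit key. The tag functions show the same contrast for truncated MACs, which is the property the OCB discussion in this thread is about.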