[Cfrg] Fwd: Hash-Based Key Derivation

David Wagner <daw@cs.berkeley.edu> Tue, 25 October 2005 18:52 UTC

From: David Wagner <daw@cs.berkeley.edu>
Message-Id: <200510251851.j9PIpwkE017257@taverner.CS.Berkeley.EDU>
Subject: [Cfrg] Fwd: Hash-Based Key Derivation
To: cfrg@ietf.org
Date: Tue, 25 Oct 2005 11:51:58 -0700

>> I wanted to call your attention to an individual draft on "Hash-Based
>> Key Derivation."
>>       http://www.ietf.org/internet-drafts/draft-dang-nistkdf-00.txt

General: The document doesn't specify how integers are to be encoded.
Little-endian?  Big-endian?  It seems to me that protocols that reference
this spec should be required to specify the encoding of integers into
bit-strings.

2.1.2: algorithmOID is variable-length, but there is no length field
prepended to it.  It seems like this omission should be remedied.

2.1.4: The size of keydatalen is not specified.  It should be.

2.1.6: I'm not entirely certain about the requirement that "protocols
SHOULD support multiple hashes"; perhaps that SHOULD should be a MAY.

2.2: I agree that the spec should probably be using a PRF (e.g., H-HMAC)
rather than a plain hash (H), and probably should be pre-hashing the secret
value with H (depending upon the properties of the PRF).

4: Should there be some discussion about the dangers of hash negotiation
(e.g., that your security against active attacks might degrade to that
of the weakest hash supported)?

In general, it looks like a useful standard.  It has a few little
rough edges, but they can easily be smoothed off.
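An added example, not part of the draft or of this message, showing the kind of encoding the comments on sections 2.1.2, 2.1.4 and 2.2 ask for: a counter-mode KDF with a fixed big-endian integer encoding, length-prefixed OtherInfo fields, and HMAC over the pre-hashed secret as the PRF. The field layout, the 32-bit sizes, SHA-256 and the sample inputs are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256  # assumed hash; the draft lets protocols choose

def u32(n: int) -> bytes:
    """Encode an integer as 4-byte big-endian (the encoding the draft leaves unspecified)."""
    return struct.pack(">I", n)

def length_prefixed(field: bytes) -> bytes:
    """Prepend a 4-byte length so variable-length fields cannot shift into each other."""
    return u32(len(field)) + field

def other_info(algorithm_oid: bytes, party_u: bytes, party_v: bytes,
               keydatalen_bits: int, prefix_lengths: bool = True) -> bytes:
    """Build OtherInfo; keydatalen is fixed at 32 bits here (an assumption)."""
    fields = (algorithm_oid, party_u, party_v)
    body = b"".join(length_prefixed(f) if prefix_lengths else f for f in fields)
    return body + u32(keydatalen_bits)

def derive_key(shared_secret: bytes, algorithm_oid: bytes, party_u: bytes, party_v: bytes,
               keydatalen_bits: int, prefix_lengths: bool = True) -> bytes:
    """Counter-mode KDF: block_i = PRF(H(Z), u32(i) || OtherInfo), i = 1, 2, ...
    The PRF is HMAC keyed with the pre-hashed secret H(Z), not a bare hash of Z."""
    prf_key = HASH(shared_secret).digest()
    info = other_info(algorithm_oid, party_u, party_v, keydatalen_bits, prefix_lengths)
    nbytes = (keydatalen_bits + 7) // 8
    out = b""
    counter = 1
    while len(out) < nbytes:
        out += hmac.new(prf_key, u32(counter) + info, HASH).digest()
        counter += 1
    return out[:nbytes]

# Constructed inputs (not from the draft): two field sets that differ, yet whose plain
# concatenation is byte-for-byte identical because the OID/party boundary has moved.
SECRET = b"constructed-shared-secret-Z"
PAIR_A = dict(algorithm_oid=b"\x2a\x86\x48\x01", party_u=b"\x65alice", party_v=b"bob")
PAIR_B = dict(algorithm_oid=b"\x2a\x86\x48\x01\x65", party_u=b"alice", party_v=b"bob")

def keys_collide(prefix_lengths: bool) -> bool:
    """True if the two ambiguous field sets derive the same 256-bit key."""
    ka = derive_key(SECRET, keydatalen_bits=256, prefix_lengths=prefix_lengths, **PAIR_A)
    kb = derive_key(SECRET, keydatalen_bits=256, prefix_lengths=prefix_lengths, **PAIR_B)
    return ka == kb

if __name__ == "__main__":
    print("collision without length field:", keys_collide(False))  # True
    print("collision with length field:   ", keys_collide(True))   # False
```

Without the length field the two parties agree on a key while disagreeing about which algorithm it is bound to; the length prefix makes the OtherInfo encoding injective and the keys diverge.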
