Re: [Gen-art] Gen-ART Telechat Review of draft-ietf-csi-hash-threat-09

"McCann Peter-A001034" <pete.mccann@motorola.com> Wed, 10 March 2010 15:51 UTC

Date: Wed, 10 Mar 2010 10:51:12 -0500
Message-ID: <274D46DDEB9F2244B2F1EA66B3FF54BC0657FC3F@de01exm70.ds.mot.com>
In-Reply-To: <4B9742B1.7080709@fer.hr>
References: <274D46DDEB9F2244B2F1EA66B3FF54BC0657FA78@de01exm70.ds.mot.com> <4B971860.4060507@ericsson.com> <4B9742B1.7080709@fer.hr>
From: McCann Peter-A001034 <pete.mccann@motorola.com>
To: Ana Kukec <anchie@fer.hr>, Suresh Krishnan <suresh.krishnan@ericsson.com>
Cc: gen-art@ietf.org, draft-ietf-csi-hash-threat.all@tools.ietf.org

Hi, Ana,

Ana Kukec wrote:
> Hi all,
> 
> Pete, thank you for the comments.
> 
> I've changed the draft and taken into account all the comments from
> this email. Some comments are below, inline.
> 
> 
> 
> Suresh Krishnan wrote:
>> 
>>> 
>>> 
>>> Introduction:
>>>    There is a great variaty of hash functions, but only MD5 and
>>>    SHA-1 are in the wide use, which is also the case for SEND
>>> This sentence makes a statement about MD5 and SHA-1 being the only
>>> widely used hash functions, but I can't figure out what it is
>>> saying about SEND. Is it saying that SEND is widely used?  Or did
>>> you mean to say that SEND implementations typically only implement
>>> MD5 and SHA-1? 
>> 
>> The latter. I propose changing the text to
>> 
>> "There is a great variety of hash functions, but only MD5 and SHA-1
>> are widely used. SEND implementations also typically use these two
>> hash algorithms." 
>> 
> 
> I've changed the text according to your suggestion Suresh.

Ok, thanks.
 
>>> But this sentence is just plain
>>> incorrect (see below).
>>>    Due to
>>>    the birthday attack, if the hash function is supplied with a
>>>    random input, it returns one of the k equally-likely values, and
>>>    the number of operations can be reduced to the number of
>>>    1.2*2^(n/2) operations.
>>> There is no "birthday attack."  And I think
>>> you meant 2^n instead of k. The result you give is due to an
>>> equation that is commonly illustrated with a problem known as the
>>> "birthday paradox."
>> 
>> Right. A birthday attack is an attack that exploits the mathematics
>> behind the birthday paradox. It is a fairly commonly used term. Would
>> you like me to change something?
> 
> That's right -- birthday attack is a common term, but only in
> cryptography. I was relying on Bruce Schneier's book "Applied
> Cryptography" where he uses both the term "birthday attack" and the
> equation. Maybe I can make the sentence more clear:
> 
> "Due to the birthday attack, if the hash function is supplied with a
> random input, it returns one of the equally-likely n-bit hash values,
> and the number of operations can be reduced to the number of
> 1.2*2^(n/2) operations."

I would propose replacing all of this:

   Supposing that the hash function
   produces an n-bit long output, since each output is equally likely,
   an attack takes an order of 2^n operations to be successful.  Due to
   the birthday attack, if the hash function is supplied with a random
   input, it returns one of the k equally-likely values, and the number
   of operations can be reduced to the number of 1.2*2^(n/2) operations.

With this:

   If the hash function produces an n-bit long output, then each of the
   2^n outputs can be considered equally likely.  An attacker searching
   randomly or pseudo-randomly through the space of input messages can
   be expected to find a hash collision after approximately 1.25 * 2^(n/2)
   trials, due to the mathematics of the birthday problem [ref].

Perhaps find a good reference for "birthday problem."  Schneier might
be good, but Wikipedia also suggests this one:

E. H. McKinney (1966) Generalized Birthday Problem, American
Mathematical Monthly 73, 385-387.

> 
> Other comments are fixed.

Thanks,

-Pete

> Ana
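
The two constants discussed in this thread can be checked numerically. The following is an added example, not part of the original messages or of the draft: it measures how many distinct messages must be hashed before two collide on an n-bit value, and compares the mean with the birthday-problem formulas. It assumes SHA-256 truncated to n bits as a stand-in for an n-bit hash; all function names are illustrative.

```python
import hashlib
import math


def truncated_hash(data: bytes, n_bits: int) -> int:
    """Top n_bits of SHA-256(data), used here as a stand-in n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)


def trials_until_collision(n_bits: int, run: int) -> int:
    """Hash distinct constructed messages until two share an n-bit value."""
    seen = set()
    counter = 0
    while True:
        msg = b"run-%d-msg-%d" % (run, counter)  # constructed sample input
        counter += 1
        value = truncated_hash(msg, n_bits)
        if value in seen:
            return counter  # number of messages hashed, including this one
        seen.add(value)


def mean_trials(n_bits: int, runs: int) -> float:
    """Average collision time over independent, deterministic runs."""
    return sum(trials_until_collision(n_bits, r) for r in range(runs)) / runs


def expected_trials(n_bits: int) -> float:
    """Asymptotic mean of the birthday problem: sqrt(pi/2) * 2^(n/2)."""
    return math.sqrt(math.pi / 2) * 2 ** (n_bits / 2)


def median_trials(n_bits: int) -> float:
    """Trials for a 50% collision probability: sqrt(2 ln 2) * 2^(n/2)."""
    return math.sqrt(2 * math.log(2)) * 2 ** (n_bits / 2)


if __name__ == "__main__":
    n = 16
    scale = 2 ** (n / 2)
    print("measured mean / 2^(n/2):", mean_trials(n, 2000) / scale)
    print("expected     / 2^(n/2):", expected_trials(n) / scale)  # ~1.25
    print("median       / 2^(n/2):", median_trials(n) / scale)    # ~1.18
```

The mean number of trials scales as about 1.25 * 2^(n/2), while the number of trials needed for a 50% chance of a collision scales as about 1.18 * 2^(n/2).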