[Hipsec] Proposed new HASH Parameter
Robert Moskowitz <rgm@htt-consult.com> Wed, 06 January 2010 15:44 UTC
Return-Path: <rgm@htt-consult.com>
X-Original-To: hipsec@core3.amsl.com
Delivered-To: hipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2DECE3A6830 for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 07:44:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cmPd7pxynjBp for <hipsec@core3.amsl.com>; Wed, 6 Jan 2010 07:44:57 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 57D2E3A67AE for <hipsec@ietf.org>; Wed, 6 Jan 2010 07:44:57 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id B120F68B8C for <hipsec@ietf.org>; Wed, 6 Jan 2010 16:42:33 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H4obegUoEU2p for <hipsec@ietf.org>; Wed, 6 Jan 2010 11:42:25 -0500 (EST)
Received: from nc2400.htt-consult.com (unknown [IPv6:2607:f4b8:3:1:21b:77ff:fe43:978]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 0E49468B85 for <hipsec@ietf.org>; Wed, 6 Jan 2010 11:42:25 -0500 (EST)
Message-ID: <4B44AFEB.5000806@htt-consult.com>
Date: Wed, 06 Jan 2010 10:44:43 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Thunderbird/3.0
MIME-Version: 1.0
To: HIP <hipsec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [Hipsec] Proposed new HASH Parameter
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2010 15:44:58 -0000
A new HIP Parameter: HASH is proposed. This is the HI Hash, or HIH.
The values are:
Hash Value
Reserved 0
SHA-1 1
SHA-2 2
2 will be MANDITORY to implement and 1 is SHOULD. Once NIST comes out
with a new hash, we will add it to the list.
The revised BEX that Tobias, with Miika's and my help is working on,
will include this parameter and address the downgrade attacks that are
introduced by HIH.
Tobias did a quick and dirty test with openssl speed on his machine
during normal operation shows the following:
The 'numbers' are in 1000s of bytes per second
processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha256 16335.80k 41030.10k 76838.89k 96992.97k 107657.16k
sha1 21577.09k 66409.19k 157907.49k 235312.60k 27521 8.50k
Speed drops to 75-30% However, he assumes that it is still
sufficiently fast.
Code size shouldn't be an issue since the main difference
between SHA-1 and SHA-256 lies in the number of rounds.
However, since the lookup table for the inversion step
is a bit larger but not dramaticaly.
===========================================
- [Hipsec] Proposed new HASH Parameter Robert Moskowitz