Re: Truncation (was Re: replay field size)
Niels Ferguson <niels@digicash.com> Wed, 12 February 1997 20:26 UTC
Received: from cnri by ietf.org id aa15576; 12 Feb 97 15:26 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa07578; 12 Feb 97 15:26 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA28909 for ipsec-outgoing; Wed, 12 Feb 1997 15:14:57 -0500 (EST)
Message-Id: <199702122019.VAA20459@digicash.com>
From: Niels Ferguson <niels@digicash.com>
To: ipsec@tis.com
MMDF-Warning: Parse error in original version of preceding line at CNRI.Reston.VA.US
Subject: Re: Truncation (was Re: replay field size)
Date: Wed, 12 Feb 1997 21:20:00 +0100
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Several people have pointed out that the discussion was about truncating the MAC value produces by HMAC, not truncating the hash value produced by SHA-1. Truncating the MAC value is, as far as I know, a very good idea. It might be worth to concider truncating the MAC to 96 bits, if this helps reducing the total overhead. This would be big enough from a security point of view. (See remark 4.8 in the HMAC paper "Keying Hash Functions for Message Authentication" by Bellare, Canetti and Krawczyk, and the resently re-posted remarks of Hugo.) My apologies for the misunderstanding, I should have checked in the archive what the discussion was about and not naively taken the messages at face value. Niels -------------------------------------------------------------------------- Niels Ferguson, email: niels@DigiCash.com. (usual disclaimer applies) ...Of shoes, and ships, and sealing-wax, of cabbages, and kings, And why the sea is boiling hot, and whether pigs have wings... [Carroll]
- Truncation (was Re: replay field size) LUIS SAIZ GIMENO
- Re: Truncation (was Re: replay field size) Niels Ferguson