Re: Truncation (was Re: replay field size)

Niels Ferguson <niels@digicash.com> Wed, 12 February 1997 20:26 UTC

Message-Id: <199702122019.VAA20459@digicash.com>
From: Niels Ferguson <niels@digicash.com>
To: ipsec@tis.com
Subject: Re: Truncation (was Re: replay field size)
Date: Wed, 12 Feb 1997 21:20:00 +0100

Several people have pointed out that the discussion was about truncating
the MAC value produced by HMAC, not truncating the hash value produced by
SHA-1.
Truncating the MAC value is, as far as I know, a very good idea.

It might be worth considering truncating the MAC to 96 bits, if this helps
reduce the total overhead. This would be big enough from a security point
of view. (See remark 4.8 in the HMAC paper "Keying Hash Functions for
Message Authentication" by Bellare, Canetti and Krawczyk, and the recently
re-posted remarks of Hugo.)

My apologies for the misunderstanding, I should have checked in the archive
what the discussion was about and not naively taken the messages at face
value.

Niels

--------------------------------------------------------------------------
Niels Ferguson, email: niels@DigiCash.com. (usual disclaimer applies)
  ...Of shoes, and ships, and sealing-wax, of cabbages, and kings,
  And why the sea is boiling hot, and whether pigs have wings... [Carroll]
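
The 96-bit truncation discussed in the message above, as an added example that is not part of the original post: HMAC-SHA-1 with only the leftmost 12 bytes of the output sent, and a receiver that enforces that fixed length. The function names are hypothetical; the key, message and full MAC are the published RFC 2202 test case 1 vector.

```python
import hashlib
import hmac

TAG_LEN = 12  # 96 bits, the truncated MAC length suggested in the message


def mac96(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA-1 over msg, keeping the leftmost 96 of the 160 output bits."""
    return hmac.new(key, msg, hashlib.sha1).digest()[:TAG_LEN]


def verify96(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Accept only a tag of exactly TAG_LEN bytes that matches the MAC."""
    # The receiver fixes the length. Comparing only len(tag) bytes would let
    # a sender shorten the tag at will and guess it with little effort.
    if len(tag) != TAG_LEN:
        return False
    # Constant-time comparison, so timing does not reveal matching prefixes.
    return hmac.compare_digest(mac96(key, msg), tag)


def overhead_saved() -> int:
    """Bytes saved per packet compared with sending the full SHA-1 output."""
    return hashlib.sha1().digest_size - TAG_LEN


# Published HMAC-SHA-1 test vector (RFC 2202, test case 1).
KEY = bytes([0x0B]) * 20
MSG = b"Hi There"
FULL_MAC = bytes.fromhex("b617318655057264e28bc0b6fb378c8ef146be00")

if __name__ == "__main__":
    tag = mac96(KEY, MSG)
    print("96-bit tag:     ", tag.hex())
    print("valid tag:      ", verify96(KEY, MSG, tag))
    print("1-byte tag:     ", verify96(KEY, MSG, tag[:1]))
    print("full 160-bit:   ", verify96(KEY, MSG, FULL_MAC))
    print("bytes saved:    ", overhead_saved())
```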