Re: replay field size

"Perry E. Metzger" <perry@piermont.com> Wed, 12 February 1997 16:38 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id LAA27099 for ipsec-outgoing; Wed, 12 Feb 1997 11:38:51 -0500 (EST)
Message-Id: <199702121642.LAA00795@jekyll.piermont.com>
X-Authentication-Warning: jekyll.piermont.com: [[UNIX: localhost]] didn't use HELO protocol
To: Phil Karn <karn@qualcomm.com>
cc: mjo@tycho.ncsc.mil, ipsec@tis.com, rja@inet.org, palamber@us.oracle.com
Subject: Re: replay field size
In-reply-to: Your message of "Tue, 11 Feb 1997 22:04:54 PST." <199702120604.WAA21035@servo.qualcomm.com>
Reply-To: perry@piermont.com
X-Reposting-Policy: redistribute only with permission
Date: Wed, 12 Feb 1997 11:42:36 -0500
From: "Perry E. Metzger" <perry@piermont.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Phil Karn writes:
> My opinions:
> 
> Make the replay counters 32 bits for both AH and ESP. Should be plenty
> for any rational key lifetime, and the arithmetic is easier on
> compilers without "long long" data types...
> 
> Shorten the SHA-1 hash to 128 bits. Probably won't be any worse than
> MD-5...

Phil;

Actually, if you've been following the MAC debates, the cryptographers
say taking part of a hash makes a better MAC than taking the full one.

Perry