Re: I-D ACTION:draft-ietf-ipsec-ciph-sha-256-00.txt

Paul Koning <pkoning@equallogic.com> Wed, 12 December 2001 21:08 UTC

Message-ID: <15383.48863.893728.721499@pkoning.dev.equallogic.com>
Date: Wed, 12 Dec 2001 15:32:31 -0500
From: Paul Koning <pkoning@equallogic.com>
To: ipsec@lists.tislabs.com
Subject: Re: I-D ACTION:draft-ietf-ipsec-ciph-sha-256-00.txt
References: <200111191329.IAA26802@ietf.org> <20011213033745S.sakane@kame.net>

>>>>> "Shoichi" == Shoichi Sakane <sakane@kame.net> writes:

 >> Title     : The HMAC-SHA-256-96 Algorithm and Its Use With IPsec
 >> Author(s) : S. Frankel, S. Kelly
 >> Filename  : draft-ietf-ipsec-ciph-sha-256-00.txt
 >> Pages     : 8
 >> Date      : 16-Nov-01

 Shoichi> section 5 in RFC 2104 says,

 > We recommend that the output length t be not less than half
 > the length of the hash output (to match the birthday attack
 > bound) and not less than 80 bits (a suitable lower bound on
 > the number of bits that need to be predicted by an
 > attacker).

 Shoichi> is it ok to truncate to 96 bits?

Applying the text from 2104 says "no" and the length should instead be
128 or more. 

Which makes me wonder: why was 96 chosen for the original 2 HMACs and
not 80?  80 would be the minimum value that satisfies the guideline
from RFC 2104.  Should therefore the SHA-2 based HMAC use a length
greater than 128 bits?

	paul
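
The RFC 2104 section 5 guideline quoted in this message, worked through for the three hashes under discussion. This is an added example, not part of the original message or of the draft. The function names are hypothetical, and refusing tags shorter than the guideline inside verify() is a policy assumed for illustration.

```python
import hashlib
import hmac

RFC2104_FLOOR_BITS = 80  # "not less than 80 bits"


def min_truncation_bits(hash_name):
    """Smallest output length t (in bits) that meets the RFC 2104 section 5
    guideline: at least half the hash output and at least 80 bits."""
    digest_bits = hashlib.new(hash_name).digest_size * 8
    return max(digest_bits // 2, RFC2104_FLOOR_BITS)


def truncated_hmac(key, msg, hash_name, t_bits):
    """Leftmost t_bits of the HMAC output, which is how RFC 2104 truncates."""
    full = hmac.new(key, msg, hash_name).digest()
    if t_bits % 8 or not 0 < t_bits <= len(full) * 8:
        raise ValueError("t must be a whole number of octets within the digest")
    return full[: t_bits // 8]


def verify(key, msg, tag, hash_name, t_bits):
    """Check a truncated tag. Assumed policy: a length below the guideline
    is rejected outright, before any MAC is computed."""
    if t_bits < min_truncation_bits(hash_name):
        return False
    expected = truncated_hmac(key, msg, hash_name, t_bits)
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def guideline_report(t_bits=96):
    """For each hash: (guideline minimum in bits, whether t_bits meets it)."""
    return {
        name: (min_truncation_bits(name), t_bits >= min_truncation_bits(name))
        for name in ("md5", "sha1", "sha256")
    }


if __name__ == "__main__":
    for name, (minimum, ok) in guideline_report(96).items():
        print(f"HMAC-{name}-96: guideline minimum {minimum} bits, meets it: {ok}")
    # Constructed sample input: key and data of RFC 4231 test case 1.
    key, msg = b"\x0b" * 20, b"Hi There"
    tag96 = truncated_hmac(key, msg, "sha256", 96)
    tag128 = truncated_hmac(key, msg, "sha256", 128)
    print("96-bit tag accepted: ", verify(key, msg, tag96, "sha256", 96))
    print("128-bit tag accepted:", verify(key, msg, tag128, "sha256", 128))
```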