IETF Logo Mail Archive

RE: about security level evaluation of draft-zhou-6man-mhash-cga-00

Christian Huitema <huitema@microsoft.com> Tue, 27 March 2012 21:00 UTC

Return-Path: <huitema@microsoft.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B04121E8026 for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 14:00:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56CfF3G12IOu for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 14:00:34 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe004.messaging.microsoft.com [216.32.180.14]) by ietfa.amsl.com (Postfix) with ESMTP id 2B86121E801E for <ipv6@ietf.org>; Tue, 27 Mar 2012 14:00:34 -0700 (PDT)
Received: from mail72-va3-R.bigfish.com (10.7.14.236) by VA3EHSOBE005.bigfish.com (10.7.40.25) with Microsoft SMTP Server id 14.1.225.23; Tue, 27 Mar 2012 21:00:19 +0000
Received: from mail72-va3 (localhost [127.0.0.1]) by mail72-va3-R.bigfish.com (Postfix) with ESMTP id 7C5E42201E8; Tue, 27 Mar 2012 21:00:19 +0000 (UTC)
X-SpamScore: 0
X-BigFish: VS0(zzzz1202hzzz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC101.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail72-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=huitema@microsoft.com; helo=TK5EX14HUBC101.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail72-va3 (localhost.localdomain [127.0.0.1]) by mail72-va3 (MessageSwitch) id 1332882016692996_12976; Tue, 27 Mar 2012 21:00:16 +0000 (UTC)
Received: from VA3EHSMHS005.bigfish.com (unknown [10.7.14.249]) by mail72-va3.bigfish.com (Postfix) with ESMTP id A303136006F; Tue, 27 Mar 2012 21:00:16 +0000 (UTC)
Received: from TK5EX14HUBC101.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS005.bigfish.com (10.7.99.15) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 27 Mar 2012 21:00:14 +0000
Received: from TK5EX14MBXC272.redmond.corp.microsoft.com ([169.254.2.3]) by TK5EX14HUBC101.redmond.corp.microsoft.com ([157.54.7.153]) with mapi id 14.02.0283.004; Tue, 27 Mar 2012 21:00:11 +0000
From: Christian Huitema <huitema@microsoft.com>
To: Jari Arkko <jari.arkko@piuha.net>, "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>
Subject: RE: about security level evaluation of draft-zhou-6man-mhash-cga-00
Thread-Topic: about security level evaluation of draft-zhou-6man-mhash-cga-00
Thread-Index: AQHNDCUWKLxARtLzBUSojhXcXZo3xpZ+nkYw
Date: Tue, 27 Mar 2012 21:00:09 +0000
Message-ID: <C91E67751B1EFF41B857DE2FE1F68ABA03CCFA91@tk5ex14mbxc272.redmond.corp.microsoft.com>
References: <OF974F286A.B19B0ED5-ONC12579CE.004B58ED-C12579CE.004C335D@zte.com.cn> <4F71CD00.8000208@piuha.net>
In-Reply-To: <4F71CD00.8000208@piuha.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.78]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 21:00:35 -0000

> Well, I think it is quite a simple trade-off. Increasing Sec increases computational effort on both sides by equal amount. Increasing the length of 
> the hash increases computational effort only on the attacker side. As a result, the hash bits are relatively valuable.

Jari, the effect of sec is different on both sides. The effort is not increased "by equal amount" but rather "in the same proportion." Suppose that an attacker could crack the 59 bit hash in a day with sec=0. Adding sec = 1 means that the attacker will have to try 65536 times as many keys. The time to crack becomes 65536 hours, i.e. about 7 years. The defender will have to try 65536 instead of one to get the right sec, taking only  a fraction of a second. 

> 1) Status quo: RFC 4982 eats three bits for Sec, leaving 59 bits of hash length after accommodating for u and g bits as well. The good with this is 
> that it leaves maximum size for hash. The bad is that it is less flexible for adding many new hash algorithms.

I kind of like the status quo.

> 2) The proposed new approach: Eat a total of six bits, for Sec and the hash algorithm identifier. 56 bits remain. The good is that this gives more 
> flexibility to allocate hash algorithms, including the ability to independently choose Sec and the algorithm. The bad is that the hash size is 
> decreased.

Decreased a lot. On the other hand, if we do gain the flexibility to define new algorithms, then we can define a mandatory-to-implement algorithm that incorporates the equivalent of the "sec" strengthening.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email