Re: about security level evaluation of draft-zhou-6man-mhash-cga-00
Jari Arkko <jari.arkko@piuha.net> Tue, 27 March 2012 21:23 UTC
Return-Path: <jari.arkko@piuha.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E091E21F8513 for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 14:23:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.525
X-Spam-Level:
X-Spam-Status: No, score=-102.525 tagged_above=-999 required=5 tests=[AWL=0.074, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bC3Bvz9ML-uE for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 14:23:01 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:400::130]) by ietfa.amsl.com (Postfix) with ESMTP id 576F021F8510 for <ipv6@ietf.org>; Tue, 27 Mar 2012 14:23:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id A87F12D35A; Wed, 28 Mar 2012 00:23:00 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ymR3tl-r19jP; Wed, 28 Mar 2012 00:23:00 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:400::130]) by p130.piuha.net (Postfix) with ESMTP id EE9F02CC56; Wed, 28 Mar 2012 00:22:59 +0300 (EEST)
Message-ID: <4F722FB3.1010606@piuha.net>
Date: Tue, 27 Mar 2012 23:22:59 +0200
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Christian Huitema <huitema@microsoft.com>
Subject: Re: about security level evaluation of draft-zhou-6man-mhash-cga-00
References: <OF974F286A.B19B0ED5-ONC12579CE.004B58ED-C12579CE.004C335D@zte.com.cn> <4F71CD00.8000208@piuha.net> <C91E67751B1EFF41B857DE2FE1F68ABA03CCFA91@tk5ex14mbxc272.redmond.corp.microsoft.com>
In-Reply-To: <C91E67751B1EFF41B857DE2FE1F68ABA03CCFA91@tk5ex14mbxc272.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 21:23:02 -0000
Christian, >> Well, I think it is quite a simple trade-off. Increasing Sec increases computational effort on both sides by equal amount. Increasing the length of >> the hash increases computational effort only on the attacker side. As a result, the hash bits are relatively valuable. > Jari, the effect of sec is different on both sides. The effort is not increased "by equal amount" but rather "in the same proportion." Suppose that an attacker could crack the 59 bit hash in a day with sec=0. Adding sec = 1 means that the attacker will have to try 65536 times as many keys. The time to crack becomes 65536 hours, i.e. about 7 years. The defender will have to try 65536 instead of one to get the right sec, taking only a fraction of a second. Right. I was imprecise in what I said. In the same proportion is right. Jari
- Meta comment about "3484bis and privacy addresses" Fernando Gont
- about security level evaluation of draft-zhou-6ma… zhou.sujing
- Re: about security level evaluation of draft-zhou… Jari Arkko
- Re: Meta comment about "3484bis and privacy addre… Dominik Elsbroek
- 答复: Re: about security level evaluation of draft-… zhou.sujing
- draft-gont-6man-stable-privacy-addresses (was: Re… Fernando Gont
- Re: draft-gont-6man-stable-privacy-addresses (was… Jong-Hyouk Lee
- Re: Meta comment about "3484bis and privacy addre… Brian Haberman
- RE: about security level evaluation of draft-zhou… Christian Huitema
- Re: about security level evaluation of draft-zhou… Jari Arkko
- 答复: RE: about security level evaluation of draft-… zhou.sujing
- RE: RE: about security level evaluation of draft-… Christian Huitema
- 答复: RE: RE: about security level evaluation of dr… zhou.sujing
- RE: RE: RE: about security level evaluation of dr… Christian Huitema