Re: [jose] PBES2-HS256+A256KW or PBES2-HS512+A256KW?

Sean Turner <turners@ieca.com> Fri, 26 July 2013 13:27 UTC

Mike,

Apologies for taking too long to get back to this.

The -01 version used HMAC-512 untruncated.  To me that didn't make much 
sense.  You're getting some level of security but you're carrying a lot 
of extra bytes.  Using either a truncated HMAC-512 as Dave's draft does 
or HMAC-SHA-256 lines up the bits of security provided by the algs.  I 
guess the embedded question is whether we should align the 3.

spt

On 7/18/13 11:26 PM, Mike Jones wrote:
> Currently JWA defines two password-based key encryption algorithms:
>
>                 PBES2-HS256+A128KW
>
>                 PBES2-HS256+A256KW
>
> I was surprised that when the AES key size was increased from 128 to
> 256, the HMAC key size was not also increased from 256 to 512. Sean,
> Matt had told me that this used to be the case in his individual draft,
> but that you had requested that HMAC SHA-256 be used for both algorithms.
>
> If for no other reasons than symmetry, I’m curious why.  For instance,
> in McGrew’s AES-CBC-HMAC-SHA2 draft, these pairings are made:
>
>                 128 bit AES with 256 bit HMAC
>
>                 192 bit AES with 384 bit HMAC
>
>                 256 bit AES with 512 bit HMAC
>
> Sean, why aren’t we doing the same for password-based encryption?
>
>                                                              Thanks,
>
>                                                              -- Mike
>
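
Added example, not part of either message or of the drafts they discuss: a Python sketch of the size trade-off in this thread, deriving a 256-bit key-wrap key with PBKDF2 under HMAC-SHA-256 and HMAC-SHA-512, and comparing an untruncated HMAC-SHA-512 tag with a truncated one and with HMAC-SHA-256. The function names, the password, salt, iteration count and MAC key, and the 32-byte truncation length are assumptions made for illustration.

```python
import hashlib
import hmac

# AES key bits -> HMAC hash: the pairings quoted in the thread.
PAIRINGS = {128: "sha256", 192: "sha384", 256: "sha512"}

def derive_kek(password, salt, iterations, aes_bits, prf_hash):
    """PBKDF2 with HMAC-<prf_hash> as PRF; output is sized to the AES key."""
    return hashlib.pbkdf2_hmac(prf_hash, password, salt, iterations,
                               dklen=aes_bits // 8)

def pbkdf2_blocks(aes_bits, prf_hash):
    """PRF output blocks PBKDF2 must compute: ceil(dkLen / hLen)."""
    hlen = hashlib.new(prf_hash).digest_size
    return -(-(aes_bits // 8) // hlen)

def mac_tag(key, msg, hash_name, tag_len=None):
    """HMAC tag, optionally truncated to its leftmost tag_len bytes."""
    full = hmac.new(key, msg, hash_name).digest()
    return full if tag_len is None else full[:tag_len]

def verify_tag(key, msg, tag, hash_name, tag_len):
    """Constant-time check against a fixed expected length, so a sender
    cannot weaken verification by presenting a shorter tag."""
    if len(tag) != tag_len:
        return False
    return hmac.compare_digest(mac_tag(key, msg, hash_name, tag_len), tag)

def size_report(password, salt, iterations, mac_key, msg):
    """Byte counts for each option discussed in the thread."""
    return {
        "kek_hs256": len(derive_kek(password, salt, iterations, 256, "sha256")),
        "kek_hs512": len(derive_kek(password, salt, iterations, 256, PAIRINGS[256])),
        "tag_sha512_full": len(mac_tag(mac_key, msg, "sha512")),
        "tag_sha512_trunc": len(mac_tag(mac_key, msg, "sha512", 32)),
        "tag_sha256_full": len(mac_tag(mac_key, msg, "sha256")),
    }

if __name__ == "__main__":
    # Constructed inputs, for illustration only.
    print(size_report(b"correct horse battery staple", b"constructed-salt",
                      4096, b"\x01" * 64, b"constructed message"))
```

With either PRF the derived AES-256 key is 32 bytes taken from a single PBKDF2 block; the byte counts differ only in the MAC tag, where untruncated HMAC-SHA-512 is 64 bytes against 32 for the other two options.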