Re: [kitten] considering abandoning CTS mode (Re: I-D Action:draft-ietf-kitten-aes-cts-hmac-sha2-01.txt)

Tom Yu <tlyu@MIT.EDU> Sat, 17 August 2013 04:09 UTC

To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
References: <5674376E76F88641AD3748A64F0996971AAA4F35@TK5EX14MBXC285.redmond.corp.microsoft.com> <tsly584dyzt.fsf@mit.edu> <5674376E76F88641AD3748A64F0996971AAB7DA1@TK5EX14MBXC285.redmond.corp.microsoft.com> <CAK3OfOgRH88DmtAJw=hgd-t7-Sac3xTf-kD+aYOUCDh79AOtkg@mail.gmail.com> <ldv7gfnfxcv.fsf@cathode-dark-space.mit.edu> <C63BB21E-F976-401D-9130-1E226F1E4E12@jpl.nasa.gov>
From: Tom Yu <tlyu@MIT.EDU>
Date: Sat, 17 Aug 2013 00:08:54 -0400
In-Reply-To: <C63BB21E-F976-401D-9130-1E226F1E4E12@jpl.nasa.gov> (Henry B. Hotz's message of "Fri, 16 Aug 2013 17:31:32 -0700")
Message-ID: <ldvob8xc621.fsf@cathode-dark-space.mit.edu>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Michiko Short <michikos@microsoft.com>, Sam Hartman <hartmans-ietf@mit.edu>

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> On Aug 14, 2013, at 8:26 PM, Tom Yu <tlyu@MIT.EDU> wrote:
>
>>> Also why SHA 384 instead of 512?
>> 
>> I asked Kelley about this, and he said the Suite B mandate was for 128
>> bits for lower security, and 192 bits for higher security.  That would
>> imply SHA-384 (I think HMAC-SHA-256 should be sufficient, but they
>> want an unequivocal 192 bits of strength).  I don't know why Suite B
>> doesn't specify AES-192 instead of AES-256 though.  Maybe these
>> rationales should be included in future revisions.
>
> There was some post on saag about AES-256 now being only 119-bits effective strength?  I confess I never backtracked the source material.  The problem didn't affect AES-128 and AES-192 much less.

I'm pretty sure those are related-key attacks, and also affect
AES-192.  They mostly affect the use of AES as a hash function.
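The remark above that related-key results mostly matter when AES is used as a hash function, shown as an added example (not code from this thread): in a Davies-Meyer compression function the 32-byte message block is fed in as the AES-256 key, so whoever chooses the message also chooses the key schedule inputs, which is exactly the setting a related-key attack assumes and one that never arises when AES encrypts under a fixed secret key. The toy hash, its padding and the all-zero IV are assumptions for illustration only.

```go
package main

import (
	"crypto/aes"
	"fmt"
)

// daviesMeyer performs one Davies-Meyer step with AES-256:
// h_i = AES_{m_i}(h_{i-1}) XOR h_{i-1}. Note that the message block m_i
// is the AES key: the message author controls the key schedule.
func daviesMeyer(prev [16]byte, block [32]byte) ([16]byte, error) {
	c, err := aes.NewCipher(block[:]) // 32-byte key selects AES-256
	if err != nil {
		return [16]byte{}, err
	}
	var out [16]byte
	c.Encrypt(out[:], prev[:])
	for i := range out {
		out[i] ^= prev[i] // feed-forward makes the step one-way
	}
	return out, nil
}

// hashAES256DM chains Davies-Meyer steps over 32-byte blocks from an
// all-zero IV. Toy construction (assumption for this demo): simple
// 0x80 padding and no length encoding, so it is not a real hash.
func hashAES256DM(msg []byte) ([16]byte, error) {
	var h [16]byte
	padded := append([]byte{}, msg...)
	padded = append(padded, 0x80)
	for len(padded)%32 != 0 {
		padded = append(padded, 0)
	}
	for off := 0; off < len(padded); off += 32 {
		var m [32]byte
		copy(m[:], padded[off:off+32]) // each block becomes the AES key
		var err error
		if h, err = daviesMeyer(h, m); err != nil {
			return h, err
		}
	}
	return h, nil
}

func main() {
	a, _ := hashAES256DM([]byte("constructed sample message"))
	b, _ := hashAES256DM([]byte("constructed sample messagf"))
	fmt.Printf("%x\n%x\n", a, b)
}
```

Two message blocks that differ in a single bit are, from AES's point of view, two related keys applied to the same chaining value; that is the attacker-chosen key relationship a keyed encryption deployment never offers.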