[TLS] Entropy of SHA-2 and the P_SHA256-based PRF
"Brian Smith" <brian@briansmith.org> Wed, 14 July 2010 22:08 UTC
Here is an interesting paper regarding the entropy of the output of SHA-2 with a special mention of the TLS 1.2 PRF. If I am understanding correctly, SHA-2 reduces the entropy of a random input by half the first time it is applied, and the entropy slowly decreases every time it is applied thereafter.

"For illustration we can say that the entropy of E(PRF[1]) = 253.463, but the entropy of E(PRF[60]) = 250.00."

"Practical consequences of the aberration of narrow-pipe hash designs from ideal random functions"
Danilo Gligoroski and Vlastimil Klima
http://eprint.iacr.org/2010/384

Regards,
Brian
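Added example, not part of the original message or the cited paper: a toy-scale measurement of how the P_hash chain A(i) = HMAC(secret, A(i-1)) from the TLS 1.2 PRF narrows its set of reachable values when iterated. It assumes a state truncated to 16 bits and a constructed secret so the whole domain can be enumerated; the names `step` and `chain_stats` are hypothetical, and the figures it produces are for this toy width, not the paper's 256-bit estimates.

```python
import hmac
import math

WIDTH = 2                              # toy state width in bytes (assumption; real A(i) is 32)
SECRET = b"constructed-demo-secret"    # constructed sample key, not a real TLS secret


def step(a: int) -> int:
    """One A(i) = HMAC-SHA256(secret, A(i-1)) step, truncated to WIDTH bytes."""
    mac = hmac.digest(SECRET, a.to_bytes(WIDTH, "big"), "sha256")
    return int.from_bytes(mac[:WIDTH], "big")


def chain_stats(rounds: int):
    """Start from a uniform A(0) over the whole toy domain and return, for
    A(1)..A(rounds), a list of (reachable values, Shannon entropy in bits)."""
    n = 1 << (8 * WIDTH)
    # value -> number of starting seeds A(0) that currently map to it
    weights = {a: 1 for a in range(n)}
    stats = []
    for _ in range(rounds):
        nxt = {}
        for a, w in weights.items():
            b = step(a)
            nxt[b] = nxt.get(b, 0) + w   # colliding inputs merge their weight
        weights = nxt
        entropy = -sum(w / n * math.log2(w / n) for w in weights.values())
        stats.append((len(weights), entropy))
    return stats


if __name__ == "__main__":
    n = 1 << (8 * WIDTH)
    for i, (size, h) in enumerate(chain_stats(60), start=1):
        if i in (1, 2, 5, 10, 30, 60):
            print(f"A({i:2d}): {size:6d} of {n} values reachable, "
                  f"entropy {h:6.3f} of {8 * WIDTH} bits")
```

Because each A(i) is a fixed function of A(i-1), the reachable set and the entropy can only stay the same or shrink from one round to the next; the run shows how fast that happens for a function that behaves like a random mapping.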