Re: [TLS] TLS1.3

"Lewis, Nick" <nick.lewis@usa.g4s.com> Mon, 11 February 2013 10:03 UTC

From: "Lewis, Nick" <nick.lewis@usa.g4s.com>
To: "'Paterson, Kenny'" <Kenny.Paterson@rhul.ac.uk>
Date: Mon, 11 Feb 2013 10:03:14 +0000
Thread-Topic: [TLS] TLS1.3
Thread-Index: AQHOCDnkM5Cm91Ib2Ua7186ZEOcKaph0ZRRQ
Message-ID: <AAE0766F5AF36B46BAB7E0EFB9273206194A67DCDE@GBTWK10E001.Technology.local>
References: <AAE0766F5AF36B46BAB7E0EFB9273206194A67DCDC@GBTWK10E001.Technology.local> <B132B06E59C4A540A03C3393F53BC07C408169C0@EXCH-MB01.cc.rhul.local>
In-Reply-To: <B132B06E59C4A540A03C3393F53BC07C408169C0@EXCH-MB01.cc.rhul.local>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS1.3

>> The reality of TLS though is that there are many MACs in everyday use that are not secure (based on hashes of 80bits or even 64 bits).
>> These are currently protected from attack by being behind strong (112bit or 128 bit) crypt.
>> The "usual" MAC algorithms for TLS are HMAC-MD5, HMAC-SHA-1 and HMAC-SHA-256 (HMAC-SHA-384 is also a possibility).
>> These all have MAC tags of at least 128 bits.

>RFC 6066 standardises "truncated" MAC tags for TLS, but these are known to be dangerous when used in combination with TLS's variable length padding
>(see the distinguishing attack in my Asiacrypt 2011 paper with Ristenpart and Shrimpton).
>However, I was not aware of anyone actually using these truncated MAC tags, or any other short-output MAC algorithms in TLS.
>Can you provide specific examples in support of your argument?

Sorry, I meant to say "bits of security" (as in a birthday attack) rather than leave an impression of bit length.
According to NIST, HMAC-MD5 and HMAC-SHA-1 are vulnerable and should not be used henceforth:
http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

-- Nick



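The exchange above turns on two different numbers that both get called "bits": the length of the MAC tag that actually goes on the wire, and the birthday bound on the underlying hash. As an added illustration (not code from this thread or from any of its participants), the following Python computes the TLS 1.2 record MAC for the HMAC algorithms named in the thread, applies the RFC 6066 truncated_hmac reduction to 80 bits, and reports both numbers side by side. The MAC key, record contents and sequence numbers are constructed sample values; the function and constant names are this example's own.

```python
import hashlib
import hmac
import struct

# Added example, not code from the thread: TLS 1.2 record MAC (RFC 5246,
# section 6.2.3.1) for the HMAC algorithms named above, with the optional
# RFC 6066 truncated_hmac extension that cuts the tag to 80 bits (10 bytes).
MAC_ALGS = {
    "HMAC-MD5": hashlib.md5,
    "HMAC-SHA-1": hashlib.sha1,
    "HMAC-SHA-256": hashlib.sha256,
    "HMAC-SHA-384": hashlib.sha384,
}
TRUNCATED_TAG_LEN = 10      # bytes, per RFC 6066 section 7
TLS12_VERSION = 0x0303      # ProtocolVersion for TLS 1.2
APPLICATION_DATA = 23       # ContentType.application_data
MAX_PLAINTEXT_LEN = 2 ** 14  # TLSPlaintext.length limit


def tls12_mac(alg, mac_key, seq_num, content_type, version, fragment, truncated=False):
    """MAC(MAC_write_key, seq_num || type || version || length || fragment).

    seq_num is the 64-bit record sequence number, so an identical fragment
    produces a different tag in every record position.
    """
    if len(fragment) > MAX_PLAINTEXT_LEN:
        raise ValueError("fragment exceeds the TLS plaintext record limit")
    header = struct.pack("!QBHH", seq_num, content_type, version, len(fragment))
    tag = hmac.new(mac_key, header + fragment, MAC_ALGS[alg]).digest()
    return tag[:TRUNCATED_TAG_LEN] if truncated else tag


def verify_tls12_mac(alg, mac_key, seq_num, content_type, version, fragment,
                     received_tag, truncated=False):
    """Constant-time check of a received tag. A wrong seq_num (a replayed or
    reordered record) fails exactly like a modified fragment."""
    expected = tls12_mac(alg, mac_key, seq_num, content_type, version, fragment, truncated)
    return hmac.compare_digest(expected, received_tag)


def security_summary(alg, truncated=False):
    """Separate the two numbers that both get called 'bits':
    - tag_bits: the tag length on the wire; an attacker without the key who
      simply guesses tags needs about 2**tag_bits online attempts per forgery.
    - hash_birthday_log2: the birthday (collision) bound on the underlying
      hash, n/2 for an n-bit digest.
    """
    digest_bits = MAC_ALGS[alg]().digest_size * 8
    tag_bits = TRUNCATED_TAG_LEN * 8 if truncated else digest_bits
    return {
        "digest_bits": digest_bits,
        "tag_bits": tag_bits,
        "hash_birthday_log2": digest_bits // 2,
    }


if __name__ == "__main__":
    # Constructed sample values: a 20-byte MAC_write_key and one record.
    key = bytes(range(20))
    fragment = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    for alg in MAC_ALGS:
        for truncated in (False, True):
            tag = tls12_mac(alg, key, 1, APPLICATION_DATA, TLS12_VERSION, fragment, truncated)
            s = security_summary(alg, truncated)
            print(f"{alg:13s} truncated={str(truncated):5s} tag={tag.hex()[:16]}... "
                  f"tag_bits={s['tag_bits']:3d} hash_birthday=2^{s['hash_birthday_log2']}")
```

Without the truncated_hmac extension, HMAC-MD5 and HMAC-SHA-1 emit full 128-bit and 160-bit tags in TLS 1.2; only when truncated_hmac is negotiated does every algorithm drop to an 80-bit tag, which is the case the Asiacrypt 2011 distinguishing attack mentioned above targets in combination with variable-length padding. The `hash_birthday_log2` column is the collision bound on the hash itself (64 for MD5, 80 for SHA-1), which is the "bits of security" figure a birthday-style argument produces; the `tag_bits` column is what bounds a blind tag-guessing forgery against the record layer.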