Re: [TLS] Issue 49: Finished.verify length
Mike <mike-list@pobox.com> Fri, 14 September 2007 00:18 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVyta-0001aq-Aj; Thu, 13 Sep 2007 20:18:54 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IVytY-0001al-KG for tls@ietf.org; Thu, 13 Sep 2007 20:18:52 -0400
Received: from rune.pobox.com ([208.210.124.79]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IVytY-0008TF-4h for tls@ietf.org; Thu, 13 Sep 2007 20:18:52 -0400
Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id 5215D134754 for <tls@ietf.org>; Thu, 13 Sep 2007 20:19:09 -0400 (EDT)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 24DED134752 for <tls@ietf.org>; Thu, 13 Sep 2007 20:19:08 -0400 (EDT)
Message-ID: <46E9D35F.60904@pobox.com>
Date: Thu, 13 Sep 2007 17:18:39 -0700
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: [TLS] Issue 49: Finished.verify length
References: <20070913183453.D32DD33C21@delta.rtfm.com>
In-Reply-To: <20070913183453.D32DD33C21@delta.rtfm.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d6b246023072368de71562c0ab503126
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> Currently Finished.verify_data is always 12 octets. With newer PRFs > and hashes, more might be useful. Should this depend on the PRF? > > My take on this is that the 12-octet length is mostly independent > of the PRF. After all, it's already been truncated from either > MD5 or SHA-1. Is there a good security reason to change this? Since the Finished message is just the output of the PRF itself, you can specify however much output you want. In TLS 1.2, the default PRF is based on HMAC-SHA-256, so 1 iteration of the PRF generates 32 bytes. With the Finished message currently using only 12 bytes of PRF output, we are just throwing away 20 bytes that could be utilized. Therefore, the Finished message could be increased to 32 bytes without impacting performance. I am not a security expert, but I do know that 32 bytes is a lot harder to guess than 12. Mike _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Russ Housley