RE: [TLS] Truncated HMAC recommendation
"Blumenthal, Uri" <uri.blumenthal@intel.com> Mon, 27 November 2006 20:55 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GonVj-0001Dy-6c; Mon, 27 Nov 2006 15:55:31 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GonVg-0001Cc-ER for tls@ietf.org; Mon, 27 Nov 2006 15:55:28 -0500
Received: from mga03.intel.com ([143.182.124.21]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GonVA-0002x9-La for tls@ietf.org; Mon, 27 Nov 2006 15:55:28 -0500
Received: from azsmga001.ch.intel.com ([10.2.17.19]) by mga03.intel.com with ESMTP; 27 Nov 2006 12:54:55 -0800
Received: from fmsmsx333.amr.corp.intel.com ([132.233.42.2]) by azsmga001.ch.intel.com with ESMTP; 27 Nov 2006 12:54:52 -0800
X-ExtLoop1: 1
X-IronPort-AV: i="4.09,464,1157353200"; d="scan'208"; a="150898249:sNHT405334209"
Received: from hdsmsx412.amr.corp.intel.com ([10.127.2.72]) by fmsmsx333.amr.corp.intel.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 27 Nov 2006 12:54:51 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Truncated HMAC recommendation
Date: Mon, 27 Nov 2006 15:54:48 -0500
Message-ID: <279DDDAFA85EC74C9300A0598E704056FE754D@hdsmsx412.amr.corp.intel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Truncated HMAC recommendation
thread-index: AccSWD6j7rsyhSPVR0S9tZ1Cd5YbAQAANmoAAACe5NAAAD5vMA==
From: "Blumenthal, Uri" <uri.blumenthal@intel.com>
To: tls@ietf.org
X-OriginalArrivalTime: 27 Nov 2006 20:54:51.0994 (UTC) FILETIME=[48C14BA0:01C71266]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7a6398bf8aaeabc7a7bb696b6b0a2aad
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> But if you truncate it to half-length, two > MACs are enough to allow verification of a > guess with high probability. I don't think > this is a significant gain. Cryptologic science disagrees with you. If your MAC size is N bits and your key size is K bits, then you need K/N known pairs of messsage <-> MAC in order to verify your guess of the key (I wonder why you think that just two MACs are enough if you leave only half of the MAC bits). Among other sources, see <http://www.cosic.esat.kuleuven.be/publications/thesis-16.pdf> (page 15). _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Truncated HMAC recommendation Mike
- Re: [TLS] Truncated HMAC recommendation Eric Rescorla
- RE: [TLS] Truncated HMAC recommendation Blumenthal, Uri
- Re: [TLS] Truncated HMAC recommendation Mike
- RE: [TLS] Truncated HMAC recommendation Blumenthal, Uri
- RE: [TLS] Truncated HMAC recommendation Whyte, William
- RE: [TLS] Truncated HMAC recommendation Blumenthal, Uri
- RE: [TLS] Truncated HMAC recommendation Whyte, William