
Re: Maximum length in octets of messages that can be hashed



Hello,

In the message archived at
   http://www.IMC.ORG/ietf-smime/mail-archive/msg03319.html,
Maxim Masiutin wrote:

> Section 3.6.1 of "SEC 1: Elliptic Curve Cryptography"
> http://www.secg.org/download/aid-385/sec1_final.pdf defines
> "hashmaxlen" as "the maximum length in octets of messages
> that can be hashed using Hash".
>
> Where can I find the maximum length of message for SHA-1,
> SHA-224 (etc.)? I've searched through fip180-1 and didn't
> find any limitation. ANSI-X9.63 also imposes the limitation.
> Why then did the authors of ANSI-X9.63 define the hashmaxlen
> limitation if there is no such limitation practically?

Hmmm. What version of FIPS 180 did you skim over?  (See note below.)

In the current version, FIPS 180-3, published in October 2008,
the Introduction (Section 1), at the bottom of the first text
page, contains a table labelled "Figure 1" which I guess can
legitimately be translated into ASCII text.  It says:


Algorithm | Message Size | Block Size | Word Size | Message Digest Size
          |    (bits)    |   (bits)   |  (bits)   |       (bits)
----------+--------------+------------+-----------+--------------------
 SHA-1    |   < 2**64    |     512    |     32    |         160
 SHA-224  |   < 2**64    |     512    |     32    |         224
 SHA-256  |   < 2**64    |     512    |     32    |         256
 SHA-384  |   < 2**128   |    1024    |     64    |         384
 SHA-512  |   < 2**128   |    1024    |     64    |         512

              Figure 1: Secure Hash Algorithm Properties


Apparently, the second column essentially contains what you
are looking for; conversion to {number of octets} (or bytes --
whichever term you prefer) should be straightforward.

The limits for SHA-384 and SHA-512 might indeed be considered
practically irrelevant, but the lower value for the other
algorithms might indeed be relevant in specific environments.


Note:

This table already was in the June 2007 Draft FIPS 180-3.
Its predecessor version (without the line for SHA-224) was
in the June 2002 FIPS 180-2; the line for SHA-224 had been
supplied on the first text page of the February 2005
"Change Notice 1" to FIPS 180-2 initially specifying SHA-224.

FIPS 180-1 (1993) was for SHA-1 only, so nobody would expect it to
have contained data points for the more recent algorithms; however,
its INTRODUCTION contained the said limit for SHA-1 in the prose.


Kind regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@xxxxxxxxx                     |
+------------------------+--------------------------------------------+
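
Added example, not part of the original message or of FIPS 180-3 / SEC 1: it converts the "Message Size (bits)" column quoted above into hashmaxlen in octets and builds the padding that ends in the message length in bits, which is the field that sets the limit. The function and table names are illustrative, and the length-field width (64 or 128 bits) is taken from the FIPS 180 padding rule rather than from this message.

```python
# Added example; names are illustrative, not from FIPS 180-3 or SEC 1.
# Exponents and block sizes are copied from the "Figure 1" table above.
FIGURE_1 = {  # algorithm: (exponent e in "bits < 2**e", block size in bits)
    "SHA-1":   (64, 512),
    "SHA-224": (64, 512),
    "SHA-256": (64, 512),
    "SHA-384": (128, 1024),
    "SHA-512": (128, 1024),
}


def hashmaxlen_octets(alg: str) -> int:
    """Largest whole-octet message length whose bit count is < 2**e."""
    exp, _ = FIGURE_1[alg]
    return (2**exp - 1) // 8


def padding(alg: str, msg_octets: int) -> bytes:
    """Return the padding appended to a message of msg_octets octets.

    Layout: 0x80, zero octets up to the block boundary, then the message
    length in bits as a big-endian integer of e bits (assumption stated
    in the lead-in: the field width equals the table's exponent).
    """
    exp, block_bits = FIGURE_1[alg]
    if not 0 <= msg_octets <= hashmaxlen_octets(alg):
        raise ValueError(f"{alg}: {msg_octets} octets exceeds hashmaxlen")
    block, field = block_bits // 8, exp // 8
    zeros = (-(msg_octets + 1 + field)) % block
    return b"\x80" + b"\x00" * zeros + (msg_octets * 8).to_bytes(field, "big")


if __name__ == "__main__":
    for name in FIGURE_1:
        print(f"{name:8s} hashmaxlen = {hashmaxlen_octets(name)} octets")
    # Constructed sample: a 3-octet message such as b"abc" under SHA-256.
    print(padding("SHA-256", 3).hex())
```

A message of exactly hashmaxlen octets fills the length field with its largest octet-aligned value; one octet more cannot be encoded, so the function rejects it.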