
Re: [TLS] Serious crypto problem fixed by envelope HMAC method instead of currently used prefix



On Nov 20, 2006, at 1:29 PM, Omirjan Batyrbaev wrote:

Hi Eric,
I've seen the TLS reference to the "Request for Comments: 2104" so this is
(probably) the HMAC used in TLS. Quoting to be on the same page:
"To compute HMAC over the data `text' we perform
                    H(K XOR opad, H(K XOR ipad, text))"

However, this RFC was produced in 1997 but SSL was from 1995 (or earlier?). Do you know which HMAC they used in say SSL v3 and v2 (which is still an
option in my browser, etc.)?


In SSLv3:

 hash(MAC_write_secret, pad_2 +
      hash(MAC_write_secret + pad_1 + data));

For hash == MD5 or SHA-1, and pad_1 is 0x36 48 or 40 times (depending on the hash) and pad_2 is 0x5c 48 or 40 times. This is all available in Netscape's document describing SSLv3. I don't know what SSLv2 used, but v2 has more problems than the MAC. I'm also fairly certain that the HMAC construction long predated the RFC describing it.

It's pointless to start suggesting revising SSLv3, because they did that already, and TLSv1 was the result. If you are paranoid (unnecessarily, IMO) you can disable SSLv3 in your browser. Disabling SSLv2 is probably a good idea, unless you are using some backwards service that still only supports v2.

Cheers.
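To make the difference between the two constructions concrete, here is an added Python example (not from the thread, and not code from any SSL/TLS implementation) that computes the SSLv3-style MAC exactly as written in the reply next to the RFC 2104 HMAC the question quotes. The key and record data are constructed sample values, and the SSLv3 header fields (seq_num, type, length) that the real record MAC also covers are treated as part of the data for simplicity.

```python
import hashlib
import hmac

# Pad lengths stated in the reply: 48 bytes for MD5, 40 bytes for SHA-1.
SSL3_PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(hash_name: str, mac_secret: bytes, data: bytes) -> bytes:
    """SSLv3-style MAC as written in the reply:
    hash(secret + pad_2 + hash(secret + pad_1 + data)).
    The pads are concatenated to the secret, not XORed into a
    block-sized key as RFC 2104 HMAC does."""
    n = SSL3_PAD_LEN[hash_name]
    pad_1 = b"\x36" * n
    pad_2 = b"\x5c" * n
    inner = hashlib.new(hash_name, mac_secret + pad_1 + data).digest()
    return hashlib.new(hash_name, mac_secret + pad_2 + inner).digest()


def rfc2104_hmac(hash_name: str, key: bytes, text: bytes) -> bytes:
    """RFC 2104 HMAC written out: H((K XOR opad) || H((K XOR ipad) || text)),
    with K zero-padded (or hashed first if too long) to the block size."""
    block = hashlib.new(hash_name).block_size  # 64 for MD5 and SHA-1
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    k_ipad = bytes(b ^ 0x36 for b in key)
    k_opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, k_ipad + text).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def compare(hash_name: str, key: bytes, data: bytes) -> dict:
    """Return both MACs (hex) plus two checks: that the hand-written HMAC
    agrees with the standard library, and that SSLv3's construction is
    not the same function as HMAC even with the same key and data."""
    ours = rfc2104_hmac(hash_name, key, data)
    lib = hmac.new(key, data, hash_name).digest()
    ssl3 = ssl3_mac(hash_name, key, data)
    return {
        "ssl3": ssl3.hex(),
        "hmac": ours.hex(),
        "hmac_matches_stdlib": hmac.compare_digest(ours, lib),
        "same_as_ssl3": hmac.compare_digest(ours, ssl3),
    }


# Constructed sample values, not taken from the thread.
SAMPLE_KEY = b"constructed-mac-write-secret"
SAMPLE_DATA = b"constructed record payload"
```

Calling `compare("sha1", SAMPLE_KEY, SAMPLE_DATA)` and `compare("md5", ...)` shows the hand-written HMAC matching `hmac.new` while the SSLv3 value differs, which is the gap between the two designs that TLSv1 closed by adopting RFC 2104.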

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls