
Re: [TLS] Issue 66: HMAC-256 based ciphersuites



Ken and all,

  I believe this is a very good suggestion and/or approach.

Kindest regards,

Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827

Ken Peirce wrote:

I think that we should provide cipher suites with uniform cryptographic strength. We should use the NIST "bits of security" metric to match the encryption key size and type as well as the HMAC type. Use SHA-256 for AES128, etc.

Ken Peirce
"MIURA, Fumiaki" <miura.fumiaki@xxxxxxxxxxxxx> wrote:
At Wed, 09 Jan 2008 10:30:17 +0100, Florian Weimer wrote:
>
> * Fumiaki MIURA:
>
> > At Tue, 8 Jan 2008 12:53:25 +0200, wrote:
> >> TLS_RSA_WITH_AES_256_CBC_SHA256
> >
> > Why not SHA512 for AES256?
> >
> > For example, FIPS 180-2 say that `security (bits)' for SHA-512 is 256
> > in page 3.
>
> Does this estimate also apply when using SHA-512 as a building block
> for an HMAC?

I think yes, theoretically.

"Message authentication using hash functions: The HMAC construction"
says:
| As shown in [12, 2], birthday attacks, that are
| the basis to finding collisions in cryptographic hash
| functions, can be applied to attack also keyed MAC
| schemes based on iterated functions (including also
| CBC-MAC, and other schemes). These attacks apply
| to most (or all) of the proposed hash-based
| constructions of MACs.

But, I don't know any realistic attacks if we properly refresh the
key.
 

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
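An added editorial example (not code from any poster in this thread) that makes the two points above concrete: it builds HMAC exactly as the cited paper defines it, H((K xor opad) || H((K xor ipad) || m)), checks it against Python's hmac module, and then scores the encryption and MAC halves of a TLS 1.2 CBC suite so the "uniform strength" question can be answered per suite. The MAC strength figures are an assumption of this example, derived from the generic birthday (internal-collision) attack on iterated MACs that the paper refers to, which needs about 2^(n/2) text/MAC pairs where n is the hash's chaining-variable width; MAC key sizes follow the TLS 1.2 convention that the MAC key is as long as the hash output. It goes slightly beyond the thread by also scoring SHA-384, whose 512-bit internal state already gives the 256-bit forgery resistance that the thread asks SHA-512 for, and it includes the key-refresh check implied by "if we properly refresh the key". Suite names, tables and the 32-bit safety margin are constructed for the example.

```python
"""HMAC construction and per-component "bits of security" for TLS CBC suites.

Added editorial example, not code from any poster in this thread.
Assumptions (labelled): MAC strength follows the generic birthday
(internal-collision) attack on iterated MACs, ~2^(n/2) text/MAC pairs where
n is the hash's chaining-variable width; MAC keys are sized as TLS 1.2 does
(mac_key_length == hash output length). A conservative model, not a NIST table.
"""
import hashlib
import hmac

# Constructed table: chaining-variable width n (bits) of each hash. SHA-384
# truncates a 512-bit state, so its n is 512, not 384.
HASH_STATE_BITS = {"sha1": 160, "sha256": 256, "sha384": 512, "sha512": 512}
# TLS 1.2 convention: MAC key length equals the hash output length.
MAC_KEY_BITS = {"sha1": 160, "sha256": 256, "sha384": 384, "sha512": 512}
CIPHER_KEY_BITS = {"AES_128": 128, "AES_256": 256}


def hmac_from_construction(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC as the paper defines it: H((K xor opad) || H((K xor ipad) || m))."""
    block = hashlib.new(hash_name).block_size  # 64 bytes for SHA-256, 128 for SHA-512
    if len(key) > block:                       # keys longer than a block are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")            # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes, hash_name: str) -> bool:
    """Cross-check the hand-built construction against Python's hmac module."""
    expected = hmac.new(key, msg, getattr(hashlib, hash_name)).digest()
    return hmac.compare_digest(hmac_from_construction(key, msg, hash_name), expected)


def generic_forgery_queries(hash_name: str) -> int:
    """Text/MAC pairs the generic internal-collision forgery needs: 2^(n/2)."""
    return 1 << (HASH_STATE_BITS[hash_name] // 2)


def mac_strength_bits(hash_name: str) -> int:
    """Conservative strength of HMAC-<hash>: min(key brute force, birthday forgery)."""
    return min(MAC_KEY_BITS[hash_name], HASH_STATE_BITS[hash_name] // 2)


def suite_strength(cipher: str, hash_name: str) -> dict:
    """Per-component and overall strength of a CBC suite, and whether it is balanced."""
    enc = CIPHER_KEY_BITS[cipher]
    mac = mac_strength_bits(hash_name)
    return {"encryption_bits": enc, "mac_bits": mac,
            "overall_bits": min(enc, mac), "balanced": enc == mac}


def key_lifetime_ok(hash_name: str, records: int, margin_bits: int = 32) -> bool:
    """True if `records` MACs under one key stay 2^margin_bits below the birthday bound.

    This is the 'refresh the key' point: the generic attack needs roughly 2^(n/2)
    MACs under the same key, so rekeying well before that keeps it out of reach.
    The 32-bit margin is an assumption of this example.
    """
    return records < (generic_forgery_queries(hash_name) >> margin_bits)


if __name__ == "__main__":
    key, msg = b"\x0b" * 20, b"Hi There"  # constructed sample input
    for h in ("sha256", "sha512"):
        print(h, "construction matches hmac module:", matches_stdlib(key, msg, h))
    for cipher, h in (("AES_128", "sha256"), ("AES_256", "sha256"),
                      ("AES_256", "sha384"), ("AES_256", "sha512")):
        print(f"TLS_RSA_WITH_{cipher}_CBC_{h.upper()}:", suite_strength(cipher, h))
    print("2^48 records under one HMAC-SHA1 key ok?", key_lifetime_ok("sha1", 2 ** 48))
```

Under this model TLS_RSA_WITH_AES_128_CBC_SHA256 is balanced at 128 bits, while AES_256 with SHA-256 is capped at 128 by the MAC; pairing AES-256 with SHA-384 or SHA-512 restores a balanced 256, which is why the internal state width rather than the output length is the number to compare against the cipher key.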

