
Re: draft-ietf-ipsec-ah-md5-00.txt



Theodore T'so wrote:
> I think we should at the very least put a comment into the draft.

> I'm not a cryptographer, so I don't know if there are any inherent
> advantages to putting the key at both the beginning and the end, as
> opposed to just simply putting length near the beginning

Well, I *am* a cryptographer (it's kind of scary that I've stopped hedging
that statement - there's a second phase of skill development where one
is no longer as scared of screwing up and so gets sloppy and... screws up more)
and I'm not seeing why prepend & append would have any value.

My rule is that as long as the bit string being hashed is uniquely parseable
(in theory, even if it's very difficult in practice), then the hash can
be considered to apply to the parsed structure.

Now, is there something about the bit string that is hashed that
invokes this rule without the appending (i.e. it is *not* uniquely
parseable), or is there some other gotcha that was pointed out that I
should be aware of?

Enlightenment would be appreciated so I can contribute more.

Oh, BTW... a CRC *is* a secure MAC if the polynomial and the MAC are
unknown to an attacker.  Given a few messages and MACs, it is easy to
find the GCD, which is the polynomial, but without, it's guesswork.
(This is from the folks who did the Strongbox secure loader at CMU -
they needed a *fast* secure hash.)
-- 
	-Colin
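The "uniquely parseable" rule above, as an added example that is not part of the thread: with MD5 over key||data, two different (key, data) pairs whose concatenation is the same byte string get the same tag, and putting the key at both ends does not remove that ambiguity for variable-length keys either, whereas framing the key with an explicit length does. The 2-byte length field and the short keys and messages are constructed toy values, not anything from the draft.

```python
import hashlib


def prefix_mac(key: bytes, msg: bytes) -> bytes:
    # Keyed MD5 with the key prepended only: MD5(key || msg).
    return hashlib.md5(key + msg).digest()


def sandwich_mac(key: bytes, msg: bytes) -> bytes:
    # Key prepended and appended: MD5(key || msg || key).
    return hashlib.md5(key + msg + key).digest()


def frame(key: bytes, msg: bytes) -> bytes:
    # Hypothetical framing: a 2-byte key length in front, so the hashed
    # string can be split into (key, msg) in exactly one way.
    return len(key).to_bytes(2, "big") + key + msg


def framed_mac(key: bytes, msg: bytes) -> bytes:
    return hashlib.md5(frame(key, msg)).digest()


def parse_frame(data: bytes) -> tuple:
    # Inverse of frame(): recovers the single (key, msg) split the
    # framing allows, which is what makes the hash apply to the structure.
    klen = int.from_bytes(data[:2], "big")
    if len(data) < 2 + klen:
        raise ValueError("truncated frame")
    return data[2:2 + klen], data[2 + klen:]


def ambiguity_report() -> tuple:
    # Constructed (key, msg) pairs that share one byte string once
    # concatenated, so the unframed constructions cannot tell them apart.
    prefix_collides = prefix_mac(b"ab", b"cd") == prefix_mac(b"a", b"bcd")
    sandwich_collides = sandwich_mac(b"aa", b"aa") == sandwich_mac(b"a", b"aaaa")
    framed_distinct = framed_mac(b"ab", b"cd") != framed_mac(b"a", b"bcd")
    return prefix_collides, sandwich_collides, framed_distinct


if __name__ == "__main__":
    print(ambiguity_report())
```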