[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

keyed-MD5 placement of secret



Ref:  Your note of Thu, 26 Jan 95 00:25:57 GMT (attached)

Bill (and Jeff)

 > I asked the Security Area this many months ago.  We discussed it on the
 > M-Bone wrt IPv6, and I believe it was discussed in other fora.  Here is
 > the decision:
 >
 > > Date: Sun, 11 Sep 94 11:34:19 -0400
 > > From: Jeffrey I. Schiller <jis@mit.edu>
 > > .... I would recommend the front of
 > > the data. in that fashion you can precompute the internal MD5 state (i.e.,
 > > initialize MD5, feed it the key and then snapshot its internal state)
 > > in order to get better performance.
 > >
 > Now, unless the Security Area reverses itself, and changes the standard
 > in SNMP also, that is what we will use in the AH implementations going
 > forward as we speak.
 >
 > There is absolutely no reason to do it differently for each MD5 usage.

Exactly! This is why you want an authentication function whose security
is independent of the particular usage/scenario/assumptions.

And yes, I hope the Security Area changes its decision as for what is the
standard keyed-MD5 mode for authentication.

Hugo


Follow-Ups: