[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
keyed-MD5 placement of secret
Ref: Your note of Thu, 26 Jan 95 00:25:57 GMT (attached)
Bill (and Jeff)
> I asked the Security Area this many months ago. We discussed it on the
> M-Bone wrt IPv6, and I believe it was discussed in other fora. Here is
> the decision:
>
> > Date: Sun, 11 Sep 94 11:34:19 -0400
> > From: Jeffrey I. Schiller <jis@mit.edu>
> > .... I would recommend the front of
> > the data. in that fashion you can precompute the internal MD5 state (i.e.,
> > initialize MD5, feed it the key and then snapshot its internal state)
> > in order to get better performance.
> >
> Now, unless the Security Area reverses itself, and changes the standard
> in SNMP also, that is what we will use in the AH implementations going
> forward as we speak.
>
> There is absolutely no reason to do it differently for each MD5 usage.
Exactly! This is why you want an authentication function whose security
is independent of the particular usage/scenario/assumptions.
And yes, I hope the Security Area changes its decision as for what is the
standard keyed-MD5 mode for authentication.
Hugo
Follow-Ups: