[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

keyed-MD5 placement of secret

To: perry@imsi.com
Subject: keyed-MD5 placement of secret
From: hugo@watson.ibm.com
Date: Fri, 27 Jan 95 12:00:59 EST
Cc: bsimpson@morningstar.com, IPSEC@ans.net, jis@mit.edu

Ref:  Your note of Thu, 26 Jan 1995 19:02:28 -0500 (attached)

 > From: "Perry E. Metzger" <perry@imsi.com>
 >
 > hugo@watson.ibm.com says:
 > > Exactly! This is why you want an authentication function whose security
 > > is independent of the particular usage/scenario/assumptions.
 >
 > You are asking that we prepend the length to packets that already
 > specify their length at a fixed location.  I don't understand why we

Indeed, when you apply MD5 to information that happens to have the length as
its last field you still append the length again during the hash computation.
This is because the standard, unique definition of MD5 (Rivest's function,
not the derivated keyed functions), asks for automatic addition of the
length parameter (not to the physical information but to the computation).

Do you know of any application that modifies the definition of MD5 because
it happens to have the length as a field in the information?
Using well defined, standard cryptographic functions is good practice.
This is also why I wanted to involve the security directorate since this is
(in my view) a global issue for the IETF.

Now, let's stop this loop of messages.
The last thing I intended was to clog this list (and myself!)
Go ahead with whatever  you feel is rough consensus in the group.

Hugo

Prev by Date: pointless semantic dithering
Next by Date: Re: AH-MD5
Prev by thread: Re: keyed-MD5 placement of secret
Next by thread: MD5 vs. SHA
Index(es):
- Main
- Thread