
Re: replay field size




Phil Karn writes:
> My opinions:
> 
> Make the replay counters 32 bits for both AH and ESP. Should be plenty
> for any rational key lifetime, and the arithmetic is easier on
> compilers without "long long" data types...
> 
> Shorten the SHA-1 hash to 128 bits. Probably won't be any worse than
> MD-5...

Phil;

Actually, if you've been following the MAC debates, the cryptographers
say taking part of a hash makes a better MAC than taking the full one.

Perry

