[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: replay field size
Phil Karn writes:
> My opinions:
>
> Make the replay counters 32 bits for both AH and ESP. Should be plenty
> for any rational key lifetime, and the arithmetic is easier on
> compilers without "long long" data types...
>
> Shorten the SHA-1 hash to 128 bits. Probably won't be any worse than
> MD-5...
Phil;
Actually, if you've been following the MAC debates, the cryptographers
say taking part of a hash makes a better MAC than taking the full one.
Perry
References: