Re: implicit padding for authentication

[Stephen Kent <kent@bbn.com>]

Mike sent this message to me earlier and I failed to respond; I agree that
the WG needs to decide on this.  This padding spec has been around for some
time and was not revised when we made changes to the encryption padding
requirements. Since the hash algorithms that underly HMAC specify their own
padding, it would seem appropriate to make the padding requirement be an
algorithm-specific matter and refer to the relevant algorithm document.  We
could spevify this as the default to be used if there is no
algorithm-specific padding, but that case seems rare and it would seem to
be easier to relegate this to the ICV algorithm spec in every case.
However, I'd alos like to know what implementors are doing now, since
testing has been ongoing for some time and people have interoperated on the
basis of some common interpretation of implicit padding.  Finally, let me
offer one motivation to switch to algorithm-specific padding as specified
in the algorithm definitions: hardware.  Crypto hardware (e.g. a generic
chip) that implements hashing might generate padding based on an
algorithmic spec such as those for MD5 and SHA-1 and thus would cause
problems if we retain the current definition.

Steve

---

Follow-Ups:

• Re: implicit padding for authentication
• From: "C. Harald Koch" <chk@utcc.utoronto.ca>

References:

• implicit padding for authentication
• From: Michael Giniger <mginiger@tiac.net>

---

• Prev by Date: implicit padding for authentication
• Next by Date: Re: implicit padding for authentication
• Prev by thread: implicit padding for authentication
• Next by thread: Re: implicit padding for authentication
• Index(es):
  • Main
  • Thread