Key lengths for HMAC prf's
When I'm using the HMAC version of the Hash function as my pseudo-random
number generator, what key length do I use? A quick search of the
ISAKMP/Oakley document reveals nothing. Am I supposed to infer a length
from the following portion of RFC2104?
2. Definition of HMAC
The definition of HMAC requires a cryptographic hash function, which
we denote by H, and a secret key K. We assume H to be a cryptographic
hash function where data is hashed by iterating a basic compression
function on blocks of data. We denote by B the byte-length of such
blocks (B=64 for all the above mentioned examples of hash functions),
and by L the byte-length of hash outputs (L=16 for MD5, L=20 for
SHA-1). The authentication key K can be of any length up to B, the
block length of the hash function. Applications that use keys longer
than B bytes will first hash the key using H and then use the
resultant L byte string as the actual key to HMAC. In any case the
minimal recommended length for K is L bytes (as the hash output
length). See section 3 for more information on keys.
[snip]
3. Keys
The key for HMAC can be of any length (keys longer than B bytes are
first hashed using H). However, less than L bytes is strongly
discouraged as it would decrease the security strength of the
function. Keys longer than L bytes are acceptable but the extra
length would not significantly increase the function strength. (A
longer key may be advisable if the randomness of the key is
considered weak.)
If so, what should I infer?
Dan, can you please add this to IO-RES? If I've once again missed the
reference, can you put it somewhere near the text 'prf' or
'pseudo-random' so we can do a text search for it?
thanks,
ben
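
The key handling in the RFC 2104 text quoted above, as an added example that is not part of the original message or of the RFC: HMAC is built from its definition so the "hash keys longer than B" step and the L-byte minimum are visible. The function names, the sample key and the sample message are constructed for this illustration.

```python
import hashlib
import hmac


def rfc2104_hmac(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC computed from the RFC 2104 definition, key preparation included."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    block_len = hashlib.new(hash_name).block_size    # B (64 for MD5 and SHA-1)
    if len(key) > block_len:
        key = h(key)                  # keys longer than B are replaced by H(K)
    key = key.ljust(block_len, b"\x00")              # zero-pad up to B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return h(opad + h(ipad + msg))


def classify_key_length(key_len: int, hash_name: str = "sha1") -> str:
    """Place a key length (in bytes) relative to L and B as sections 2 and 3 do."""
    probe = hashlib.new(hash_name)
    out_len, block_len = probe.digest_size, probe.block_size   # L and B
    if key_len < out_len:
        return "below L: strongly discouraged"
    if key_len <= block_len:
        return "L..B: used as-is (zero-padded to B)"
    return "above B: hashed down to L bytes first"


def long_key_collapses(long_key: bytes, msg: bytes, hash_name: str = "sha1") -> bool:
    """True if a key longer than B gives the same MAC as its hash used as the key."""
    hashed = hashlib.new(hash_name, long_key).digest()
    return rfc2104_hmac(long_key, msg, hash_name) == rfc2104_hmac(hashed, msg, hash_name)


if __name__ == "__main__":
    msg = b"constructed sample message"
    for n in (10, 20, 64, 100):                      # constructed key lengths
        key = bytes(range(n))
        same = rfc2104_hmac(key, msg) == hmac.new(key, msg, "sha1").digest()
        print(n, classify_key_length(n), "matches stdlib:", same)
    print("100-byte key equals H(K) as key:", long_key_collapses(bytes(range(100)), msg))
```

For a prf over SHA-1 this puts the useful key range at 20 to 64 bytes: a longer key is reduced to 20 bytes before use, which is why the RFC says the extra length adds little.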