[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Key lengths for HMAC prf's
Ben,
> When I'm using the HMAC version of the Hash function as my pseudo-random
> number generator, what key length do I use. A quick search of the
> ISAKMP/Oakley document reveals nothing. Am I supposed to infer a length
> from the following portion of RFC2104?
After the computation of SKEYID the length of the key to the keyed
MACs is the output of a previous MAC so you already know the length of
the key. The key to generate SKEYID depends on the method of authentication
you've negotiated and is either: 1) a concatenation of the two nonces (and
you know their lengths); 2) a hash of the concatenation of the two nonces
(and you know the length of the digest of the negotiated hash function); or,
3) the pre-shared key, whose length you also know.
Of course the "Revised Mode of Public Key Encryption" has additional
prf'ing that the others don't (to generate ephemeral keys for a symmetric
cipher that encrypts selected payloads) but you know the length of the key
there too since it's the length of a particular nonce (I or R) depending
on the message (I to R or R to I).
> 2. Definition of HMAC
[snip]
>
> 3. Keys
[snip]
> Dan, can you please add this to IO-RES? If I've once again missed the
> reference, can you put it somewhere near the text 'prf' or
> 'pseud-random' so we can do a text search for it?
I'm sensitive to the difficulty people have reading this draft and would
like to add whatever clarifying verbage people feel is necessary. Can you
tell me exactly what you'd like me to add? The text I just wrote above?
Where? In the notation section where prf is first mentioned? At the
point that generation of SKEYID et al is discussed?
Dan.
P.S. The comments and questions I've received on the IO-RES reminds me of a
quote from Idi Amin: "People sometimes mistake what I say for the way I think."
References: