
Question about truncating output length of HMAC computation



Hi,

In section 5 of RFC 2104 (HMAC: Keyed-Hashing for Message Authentication),
it has the following information:
 
  Applications of HMAC can choose to truncate the output of HMAC by 
  outputting the t leftmost bits of the HMAC computation. We recommend 
  that the output length t be not less than half the length of the hash 
  output and not less than 80 bits. We propose denoting a realization of 
  HMAC that uses a hash function H with t bits of output as HMAC-H-t. 
  For example, HMAC-SHA1-80 denotes HMAC computed using the SHA-1 function 
  and with the output truncated to 80 bits. (If the parameter t is not 
  specified, e.g. HMAC-MD5, then it is assumed that all the bits of the 
  hash are output.)
 
When I was searching for RFCs about HMAC-MD5-t and HMAC-SHA1-t under the 
ipsec working group of the IETF homepage, I only found two relevant RFCs. One 
is "The Use of HMAC-MD5-96 with ESP and AH" and the other is "The Use of 
HMAC-SHA-1-96 with ESP and AH".
 
My question is: by default, what MUST we support for the output 
length if we implement SHA-1 and MD5? Must we support truncating the output 
length to 96 bits or outputting the full length (no truncation)? Which one is
more preferred and widely supported?
 
Loretta.
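
The HMAC-H-t truncation quoted from RFC 2104 section 5, as an added example that is not part of the original message: the tag is the t leftmost bits of the full HMAC, and the receiver recomputes and truncates before comparing. The function names are hypothetical, rejecting a t below the recommended floor is a choice made for this example, and the sample key and message are RFC 2202 test case 1.

```python
import hashlib
import hmac
from typing import Optional


def min_tag_bits(hash_name: str) -> int:
    """RFC 2104 sec. 5 floor: at least half the hash output and at least 80 bits."""
    return max(80, hashlib.new(hash_name).digest_size * 8 // 2)


def hmac_truncated(hash_name: str, key: bytes, msg: bytes,
                   t_bits: Optional[int] = None) -> bytes:
    """Return HMAC-H-t: the t leftmost bits of HMAC-H(key, msg).

    t_bits=None means no truncation (plain HMAC-MD5, HMAC-SHA1, ...).
    """
    full = hmac.new(key, msg, hash_name).digest()
    if t_bits is None:
        return full
    if t_bits > len(full) * 8:
        raise ValueError("t exceeds the hash output length")
    if t_bits < min_tag_bits(hash_name):
        # Example policy (assumption): treat the RFC's recommendation as a hard limit.
        raise ValueError("t below the RFC 2104 recommended minimum")
    n_bytes, rem = divmod(t_bits, 8)
    if rem == 0:
        return full[:n_bytes]
    # t is not a multiple of 8: keep the leftmost bits of the last byte, zero the rest.
    mask = (0xFF << (8 - rem)) & 0xFF
    return full[:n_bytes] + bytes([full[n_bytes] & mask])


def verify(hash_name: str, key: bytes, msg: bytes, tag: bytes,
           t_bits: Optional[int] = None) -> bool:
    """Recompute the (truncated) tag and compare in constant time."""
    expected = hmac_truncated(hash_name, key, msg, t_bits)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # RFC 2202 test case 1 (SHA-1 key is 20 bytes of 0x0b, MD5 key is 16 bytes).
    print(hmac_truncated("sha1", b"\x0b" * 20, b"Hi There", 96).hex())
    print(hmac_truncated("md5", b"\x0b" * 16, b"Hi There", 96).hex())
```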