[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AH padding after MD5/SHA1 hash value
>> From what I understand from the wording in RFC240[234],
>> - for sender side, it is not illegal to attach more than 96 bits
>> into authentication data field. RFC2403 does not require us to
>> attach exactly 96bits. It just say "truncated value using the
>> first 96 bits MUST be supported". It is not clear to us whether
>> 96bit truncation is the requirement, or not.
>> This seems odd while we call those AH algorithms as "HMAC-MD5-96".
>> If we do not require truncation to 96bits, why we call it "96"?
>There is the reason at the section 5 in RFC2104, but it doesn't mentioned
>strongly.
it seems to me that RFC2104 section 5 gives us why it is secure
even if we truncate. my question is opposite - why do we make
the truncate optional, and I believe it's better to make the
truncation mandatory.
itojun
References: