[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH padding after MD5/SHA1 hash value

To: "Shoichi 'Ne' Sakane" <sakane@ydc.co.jp>
Subject: Re: AH padding after MD5/SHA1 hash value
From: itojun@iijlab.net
Date: Tue, 13 Jun 2000 23:13:48 +0900
cc: ipsec@lists.tislabs.com
In-reply-to: sakane's message of Tue, 13 Jun 2000 22:56:23 JST. <20000613225623I.sakane@ydc.co.jp>
Sender: owner-ipsec@lists.tislabs.com


>> 	From what I understand from the wording in RFC240[234],
>> 	- for sender side, it is not illegal to attach more than 96 bits
>> 	  into authentication data field.  RFC2403 does not require us to
>> 	  attach exactly 96bits.  It just say "truncated value using the
>> 	  first 96 bits MUST be supported".  It is not clear to us whether
>> 	  96bit truncation is the requirement, or not.
>> 	  This seems odd while we call those AH algorithms as "HMAC-MD5-96".
>> 	  If we do not require truncation to 96bits, why we call it "96"?
>There is the reason at the section 5 in RFC2104, but it doesn't mentioned
>strongly.

	it seems to me that RFC2104 section 5 gives us why it is secure
	even if we truncate.   my question is opposite - why do we make
	the truncate optional, and I believe it's better to make the
	truncation mandatory.

itojun

References:

Re: AH padding after MD5/SHA1 hash value

From: "Shoichi 'Ne' Sakane" <sakane@ydc.co.jp>

Prev by Date: RE: Replay problem
Next by Date: Re: Replay problem
Prev by thread: Re: AH padding after MD5/SHA1 hash value
Next by thread: Re: AH padding after MD5/SHA1 hash value
Index(es):
- Main
- Thread