[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AES, AES-MAC

To: "Joseph D. Harwood" <jharwood@vesta-corp.com>, ipsec@lists.tislabs.com
Subject: Re: AES, AES-MAC
From: "Jason Palmatier" <palmatie@us.ibm.com>
Date: Mon, 21 May 2001 11:39:21 -0400
Sender: owner-ipsec@lists.tislabs.com


If AES-128 is being used as an encryption algorithm by IKE (or IPsec
later), and IKE is generating the keys for it like it normally does, then
doesn't IKE need a hash algorithm of size 256 bits or greater to create
secure keys that are reasonably safe from collisions?  I was under the
impression that for IKE to use AES-128 it would need a hash algorithm that
produced an output of at least 256 bits to be secure.  If I'm misguided
here can someone let me know what the alternative is?

Jason

Jason Palmatier
IP Software Development
IBM iSeries eServer
Endicott, NY
email: palmatie@us.ibm.com




                                                                                                                   
                    "Joseph D. Harwood"                                                                            
                    <jharwood@vesta-cor       To:     "Ipsec" <ipsec@lists.tislabs.com>                            
                    p.com>                    cc:     <jari.arkko@lmf.ericsson.se>                                 
                    Sent by:                  Subject:     Re: AES, AES-MAC                                        
                    owner-ipsec@lists.t                                                                            
                    islabs.com                                                                                     
                                                                                                                   
                                                                                                                   
                    05/18/2001 01:19 PM                                                                            
                                                                                                                   
                                                                                                                   




>- I believe it is possible to use AES as
>  a MAC algorithm a la DES-MAC. Has this
>  been specified by NIST? Has it been specified
>  by IETF how to use it in the context of IPsec?
>
>- I seem to remember talk about SHA-256/384/512.
>  What are these and have their use been
>  specified for IPsec? What is their relationship
>  to AES-MAC?

The thread on SHA-256/384/512 can be found here:

http://www.vpnc.org/ietf-ipsec/mail-archive/msg00337.html

These are hash algorithms from NIST with 256/384/512 bits of output.  From
the thread above I don't believe they are going to be a requirement for
IPsec because of their performance.  AES-MAC was also discussed in this
thread.  It's performance is roughly that of AES-CBC encryption/decryption.
However, there has been discussion of using a counter mode for AES
encryption/decryption rather than CBC mode to improve encryption/decryption
performance, so perhaps something other than a straight AES-MAC would be
needed for equivalent authentication performance.  Please see the following
message, which contains the slides from Steve Kent's presentation that
discuss this:

http://www.vpnc.org/ietf-ipsec/mail-archive/msg00168.html

Best Regards,
Joseph D. Harwood
jharwood@vesta-corp.com
www.vesta-corp.com

Follow-Ups:

Re: AES, AES-MAC

From: Scott Fluhrer <sfluhrer@cisco.com>

Prev by Date: IPSec over L2TP tunnels for Remote users
Next by Date: Re: AES, AES-MAC
Prev by thread: Re: AES, AES-MAC
Next by thread: Re: AES, AES-MAC
Index(es):
- Main
- Thread