[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Summary of key derivation thread

To: David Wagner <daw@mozart.cs.berkeley.edu>
Subject: Re: Summary of key derivation thread
From: Uri Blumenthal <uri@bell-labs.com>
Date: Fri, 06 Dec 2002 02:45:01 -0500
Cc: ipsec@lists.tislabs.com
Organization: Lucent Technologies / Bell Labs
Original-CC: ipsec@lists.tislabs.com
References: <200212051428.JAA34568@ornavella.watson.ibm.com> <3DEF8A1E.D988B6E3@bell-labs.com> <asokhb$u6o$1@abraham.cs.berkeley.edu>
Sender: owner-ipsec@lists.tislabs.com

David Wagner wrote:
> That's not correct.  It is reasonable to view HMAC as a PRF,
> but it is not reasonable to view SHA as a secure PRF.......

Because of single-block vs. multiple-block issues? I.e. you
assume that keyed compresson function of SHA is PRF for
*single block*, and extend it via HMAC to multiple-block
input?

> Again, let me express my opinion that Hugo and Ran are (as usual)
> 100% correct.  They've hit the nail on the head here.

(:-)

Follow-Ups:
- speaking of keys
  - From: Stephen Kent <kent@bbn.com>
- Re: Summary of key derivation thread
  - From: daw@mozart.cs.berkeley.edu (David Wagner)

References:
- Re: Summary of key derivation thread
  - From: Ran Canetti <canetti@watson.ibm.com>
- Re: Summary of key derivation thread
  - From: Uri Blumenthal <uri@bell-labs.com>
- Re: Summary of key derivation thread
  - From: daw@mozart.cs.berkeley.edu (David Wagner)

Prev by Date: RE: IKEv2 transport concerns
Next by Date: speaking of keys
Prev by thread: Re: Summary of key derivation thread
Next by thread: speaking of keys
Index(es):
- Date
- Thread