Re: Use of AES as prf in IKEv2
Andrew Krywaniuk wrote:
> Some claim that the rationale for using AES for MAC'ing in addition to
> symmetric crypto is to reduce the code footprint. Using SHA to pre-hash
> the key would defeat that.
Yes to both. We could use AES for hashing as well.
> If truncating the nonces is lossy (which is only true if your PRNG is
> bad) then why not just use XOR? [Assume 128 bit AES.] Divide up the
> keystream into 128 bit blocks and XOR them all together.
???
> If someone is going to claim that XORing the 2 nonces together is
> insecure, then you could still XOR the nonces into two separate 64 bit
> blocks.
This sounds much better.
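The three ways of squeezing Ni | Nr into a fixed 128-bit AES PRF key that come up in this message (truncate each nonce, XOR all 128-bit blocks of the concatenation into one block, or XOR each nonce into its own 64-bit half) are worked through below. This is an added example for this archive page, not code from either poster or from any IKE implementation. It assumes "keystream" means the concatenation Ni | Nr, zero-pads to a block boundary when a nonce length is not a multiple of the block size (an assumption; the message does not say how a partial block is handled), and uses the IKEv2 rule that a fixed-length PRF key is built from the first half of each nonce for the truncation variant. The cancellation function only spells out the objection the quoted text anticipates ("if someone is going to claim that XORing the 2 nonces together is insecure"): because XOR is invertible, whichever party chooses its nonce second can drive the single-block XOR fold to any value it likes, whereas with separate 64-bit halves it controls only its own half.

```python
import secrets

BLOCK = 16  # 128-bit AES key, as assumed in the quoted message
HALF = BLOCK // 2


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def fold_xor(data: bytes, width: int) -> bytes:
    """Split data into width-byte blocks and XOR them all together.

    A trailing partial block is zero-padded (assumption; the message does
    not specify this).
    """
    pad = (-len(data)) % width
    data += b"\x00" * pad
    acc = bytes(width)
    for i in range(0, len(data), width):
        acc = xor_bytes(acc, data[i:i + width])
    return acc


def key_truncate_halves(ni: bytes, nr: bytes) -> bytes:
    """IKEv2 rule for fixed-length PRF keys: first half of each nonce."""
    return ni[:HALF] + nr[:HALF]


def key_single_block(ni: bytes, nr: bytes) -> bytes:
    """Quoted proposal 1: XOR every 128-bit block of Ni | Nr into one block."""
    return fold_xor(ni + nr, BLOCK)


def key_two_halves(ni: bytes, nr: bytes) -> bytes:
    """Quoted proposal 2: fold Ni into the first 64 bits, Nr into the second."""
    return fold_xor(ni, HALF) + fold_xor(nr, HALF)


def cancelling_nr(ni: bytes, target: bytes) -> bytes:
    """Nonce a responder that has already seen Ni can send so that
    key_single_block(ni, nr) == target.  Only a property of XOR, nothing
    more: the zeros align the fold to a block boundary, then the final
    block cancels everything before it and substitutes the target."""
    assert len(target) == BLOCK
    pad = (-len(ni)) % BLOCK
    return b"\x00" * pad + xor_bytes(fold_xor(ni + b"\x00" * pad, BLOCK), target)


def initiator_half_is_independent_of_nr(ni: bytes, nr: bytes) -> bool:
    """With separate halves, Nr cannot influence the 64 bits derived from Ni."""
    return key_two_halves(ni, nr)[:HALF] == fold_xor(ni, HALF)


if __name__ == "__main__":
    # Constructed sample nonces (IKEv2 nonces are 16..256 bytes; 24 bytes
    # deliberately not a multiple of the AES block size).
    ni = secrets.token_bytes(24)
    nr = secrets.token_bytes(24)
    print("truncate halves :", key_truncate_halves(ni, nr).hex())
    print("single XOR block:", key_single_block(ni, nr).hex())
    print("two XOR halves  :", key_two_halves(ni, nr).hex())

    target = b"\xaa" * BLOCK
    evil_nr = cancelling_nr(ni, target)
    print("forced key      :", key_single_block(ni, evil_nr).hex())
    print("Ni half survives:", initiator_half_is_independent_of_nr(ni, evil_nr))
```

Run it and the "forced key" line prints the attacker's chosen value regardless of Ni, while the two-halves variant keeps the 64 bits derived from Ni out of the responder's reach (at the cost of each side contributing only 64 bits of key material, the same as the IKEv2 truncation rule).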