[144866] in cryptography@c2.net mail archive
Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Sep 16 21:23:07 2009
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: cryptography@metzdowd.com, daw@cs.berkeley.edu
In-Reply-To: <200909161652.n8GGqkn0016678@taverner.cs.berkeley.edu>
Date: Thu, 17 Sep 2009 13:20:45 +1200

David Wagner <daw@cs.berkeley.edu> writes:

>(You could replace AES-CMAC with SHA1-HMAC, but why would you want to?)

The answer to that depends on whether you need to support an existing base of
crypto software and hardware. Even though (in this case) it's a new standard,
it still requires support from the underlying crypto libraries. If little or
none of those do AES-CMAC yet (I don't think Windows CryptoAPI does, only very
recent versions of OpenSSL do... it's not looking good) then you'd want to
stick with HMAC-SHA1.

(Forestalling the inevitable "but developers can implement AES-CMAC themselves
from raw AES" that I'm sure someone will follow up with, the target audience
for this is web application developers, not cryptographers, so you need to
give them something that works as required out of the box).

Peter.