[1157] in Kerberos_V5_Development
Re: des-3 & SHA
daemon@ATHENA.MIT.EDU (Richard Basch)
Fri May 10 15:27:58 1996
Date: Fri, 10 May 1996 15:27:17 -0400
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: "Richard Basch" <basch@lehman.com>, Sam Hartman <hartmans@MIT.EDU>,
krbdev@MIT.EDU
In-Reply-To: <9605101858.AA16322@dcl.MIT.EDU>
From: "Richard Basch" <basch@lehman.com>
On Fri, 10-May-1996, "Theodore Y. Ts'o" wrote to "Richard Basch, Sam Hartman, Richard Basch, krbdev@MIT.EDU" saying:
> Speaking of changes to the 3-DES checksum formats --- I believe it's an
> open question whether for the 3-DES suite whether we should use a
> SHA_DES3 checksum, or do something like Hugo's HMAC-SHA, which doesn't
> actually use an encryption algorithm to do the keyed hash.
>
> Getting some input from Real Cryptographers would probably be a good
> idea before we formalize what's officially used in the 3-DES suite of
> algorithms.
Agreed.
Yesterday's checkin was a quick revamp. Btw, I believe I implemented
the spirit of the rfc1510 spec. The following items are still in question:
1. How do we want to actually do ENCTYPE_DES3_CBC_SHA?
Do we want to compute an SHA digest and then encrypt it using the
des3 key, or just use another keyed hash, tagged with the message?
2. Is the prng sufficiently strong? Certainly, it is stronger than before,
but does it provide enough strength?
3. What checksum types should exist? Obviously SHA, but what about
SHA-DES3, HMAC-SHA?
4. Confounder? How much confounder is necessary?
The preliminary framework is there now... it just needs tweaking based
on the answers to the above questions.
--
Richard Basch
Sr. Developer/Analyst URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
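As an added illustration of the two alternatives raised in this thread (a keyed hash that does not use a cipher, and a confounder prefix), here is HMAC-SHA1 built from the bare SHA-1 primitive and then wrapped with a random confounder. This is example code written for this archive page, not Kerberos code and not the checksum format that was eventually adopted; the 8-byte confounder length and the checksum layout are assumptions made for the example.

```python
import hashlib
import hmac
import os

SHA1_BLOCK = 64  # SHA-1 compression-function block size in bytes


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 from the hash alone: H((K ^ opad) || H((K ^ ipad) || msg)).

    No encryption algorithm is involved, which is the point of the HMAC
    construction discussed in the thread.
    """
    # A key longer than one block is hashed first; a shorter key is zero-padded.
    if len(key) > SHA1_BLOCK:
        key = hashlib.sha1(key).digest()
    key = key.ljust(SHA1_BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + msg).digest()
    return hashlib.sha1(opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-written HMAC against Python's hmac module."""
    return hmac_sha1(key, msg) == hmac.new(key, msg, hashlib.sha1).digest()


def make_checksum(key: bytes, msg: bytes, confounder: bytes = b"") -> bytes:
    """Assumed layout: confounder || HMAC(key, confounder || msg).

    A fresh random confounder makes two checksums of the same message
    differ, so an observer cannot tell repeated messages apart by checksum.
    """
    if not confounder:
        confounder = os.urandom(8)  # 8-byte confounder is an assumption
    return confounder + hmac_sha1(key, confounder + msg)


def verify_checksum(key: bytes, msg: bytes, cksum: bytes, conf_len: int = 8) -> bool:
    """Recompute over the transmitted confounder and compare in constant time."""
    confounder, tag = cksum[:conf_len], cksum[conf_len:]
    expected = hmac_sha1(key, confounder + msg)
    return hmac.compare_digest(expected, tag)
```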