[1214] in Kerberos_V5_Development
Re: 3des question
daemon@ATHENA.MIT.EDU (Richard Basch)
Mon May 20 23:19:50 1996
Date: Mon, 20 May 1996 23:18:34 -0400
To: perry@piermont.com
Cc: Marc Horowitz <marc@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: <199604181403.KAA08241@jekyll.piermont.com>
From: "Richard Basch" <basch@lehman.com>
I realize I shouldn't do this (playing amateur cryptographer, that is)...
I have started to implement 3des, using SHA, and HMAC-SHA in Kerberos
V5. I wrote my HMAC-SHA implementation based on the published I-D for
ipsec, and it appears to be using a 64-byte padding. Doesn't HMAC
recommend that the padding be sufficiently large to act as a general
confounder for the message (eg. generally the block size that the digest
algorithm works on)? If so, isn't the appropriate padding size for
HMAC-SHA 80 bytes instead of 64 bytes?
Anyway, if you could let me know what the appropriate padding size
should be, I would be greatly appreciated. Also, if there are any other
differences from the published I-D, I would greatly appreciate hearing
about them. (I have also sent a query, not citing the ipsec I-D, to
Hugo.)
Thanks.
--
Richard Basch
Sr. Developer/Analyst, DSO URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 38th Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
