[1215] in Kerberos_V5_Development
Re: 3des question
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon May 20 23:35:32 1996
To: "Richard Basch" <basch@lehman.com>
Cc: perry@piermont.com, krbdev@MIT.EDU
In-Reply-To: Your message of "Mon, 20 May 1996 23:18:34 EDT."
<199605210318.XAA19570@badger.lehman.com>
Date: Mon, 20 May 1996 23:34:59 EDT
From: Marc Horowitz <marc@MIT.EDU>
I'm not going to play amateur cryptographer, I'm only going to site
stuff Real Cryptographers have said.
In message <199605210318.XAA19570@badger.lehman.com>, "Richard Basch" <basch@lehman.com> writes:
>> Doesn't HMAC recommend that the padding be sufficiently large to act
>> as a general confounder for the message (eg. generally the block size
>> that the digest algorithm works on)?
draft-ietf-ipsec-hmac-md5-00.txt (which is somewhat misnamed, since it
tries to be more general than md5) implies, but does not state this
explicitly (section 2):
The key K can be of any length up to the block length of the hash
function, namely, 64 bytes for MD5 (however, 16 bytes is the minimal
recommended length for keys -- see section 3).
This is the same size as ipad and opad, and is the same as the block
size of the cryptosystem.
>> If so, isn't the appropriate padding size for HMAC-SHA 80 bytes
>> instead of 64 bytes?
I don't think so. draft-ietf-ipsec-ah-hmac-sha-00.txt states (section
1.1):
SHA operates on 64-byte blocks.
Of course, if Hugo contradicts me, he's right :-)
Marc
