ietf-smime

Re: Maximum length in octets of messages that can be hashed

2009-03-05 13:34:33

Hello,

In the message archived at
   http://www.IMC.ORG/ietf-smime/mail-archive/msg03319.html,
Maxim Masiutin wrote:

Section 3.6.1 of "SEC 1: Elliptic Curve Cryptography"
http://www.secg.org/download/aid-385/sec1_final.pdf defines
"hashmaxlen" as "the maximum length in octets of messages
that can be hashed using Hash".

Where can I find the maximum length of message for SHA-1,
SHA-224 (etc.)? I've searched through FIPS 180-1 and didn't
find any limitation. ANSI-X9.63 also imposes the limitation.
Why then did the authors of ANSI-X9.63 define the hashmaxlen
limitation if there is no such limitation practically?

Hmmm. What version of FIPS 180 did you skim over?  (See note below.)

In the current version, FIPS 180-3, published in October 2008,
the Introduction (Section 1), at the bottom of the first text
page, contains a table labelled "Figure 1" which I guess can
legitimately be translated into ASCII text.  It says:


Algorithm | Message Size | Block Size | Word Size | Message Digest Size
          |    (bits)    |   (bits)   |  (bits)   |       (bits)
----------+--------------+------------+-----------+--------------------
 SHA-1    |   < 2**64    |     512    |     32    |         160
 SHA-224  |   < 2**64    |     512    |     32    |         224
 SHA-256  |   < 2**64    |     512    |     32    |         256
 SHA-384  |   < 2**128   |    1024    |     64    |         384
 SHA-512  |   < 2**128   |    1024    |     64    |         512

              Figure 1: Secure Hash Algorithm Properties


Apparently, the second column essentially contains what you
are looking for; conversion to {number of octets} (or bytes --
whichever term you prefer) should be straightforward.

The limits for SHA-384 and SHA-512 might indeed be considered
practically irrelevant, but the lower value for the other
algorithms might indeed be relevant in specific environments.


Note:

This table already was in the June 2007 Draft FIPS 180-3.
Its predecessor version (without the line for SHA-224) was
in the June 2002 FIPS 180-2; the line for SHA-224 had been
supplied on the first text page of the February 2005
"Change Notice 1" to FIPS 180-2 initially specifying SHA-224.

FIPS 180-1 (1993) was for SHA-1 only, so nobody would expect it to
have contained data points for the more recent algorithms, however
its INTRODUCTION contained the said limit for SHA-1 in the prose.


Kind regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah(_at_)TR-Sys(_dot_)de          |
+------------------------+--------------------------------------------+
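
Added example, not part of the message above and not code from SEC 1 or ANSI X9.63: it converts the "Message Size (bits)" column of the quoted table to hashmaxlen in octets and applies that bound in a counter-mode KDF of the kind SEC 1 section 3.6.1 describes. The two range checks and the Hash(Z || counter || SharedInfo) layout are assumed here from that section and should be verified against the specification; the names `hashmaxlen`, `x963_kdf` and `MAX_MSG_BITS_EXP` are hypothetical.

```python
import hashlib

# "Message Size (bits)" column of FIPS 180-3 Figure 1, stored as the
# exponent n in "< 2**n".
MAX_MSG_BITS_EXP = {"sha1": 64, "sha224": 64, "sha256": 64,
                    "sha384": 128, "sha512": 128}


def hashmaxlen(name):
    """Largest whole number of octets under the bit limit: floor((2**n - 1) / 8)."""
    return (2 ** MAX_MSG_BITS_EXP[name] - 1) // 8


def x963_kdf(name, z, keydatalen, shared_info=b""):
    """Derive keydatalen octets as Hash(Z || counter || SharedInfo), counter = 1, 2, ...

    Assumption: checks and layout follow SEC 1 section 3.6.1 as recalled here.
    """
    hashlen = hashlib.new(name).digest_size
    # Every hash input is Z, a 4-octet counter and SharedInfo, so that sum
    # is the quantity that has to stay below hashmaxlen.
    if not len(z) + len(shared_info) + 4 < hashmaxlen(name):
        raise ValueError("invalid: hash input would exceed hashmaxlen")
    # The 4-octet counter bounds how many hash blocks can be produced.
    if not keydatalen < hashlen * (2 ** 32 - 1):
        raise ValueError("invalid: keydatalen too large for a 4-octet counter")
    out = b""
    counter = 1
    while len(out) < keydatalen:
        block_input = z + counter.to_bytes(4, "big") + shared_info
        out += hashlib.new(name, block_input).digest()
        counter += 1
    return out[:keydatalen]


if __name__ == "__main__":
    for alg in MAX_MSG_BITS_EXP:
        print(f"{alg:7s} hashmaxlen = {hashmaxlen(alg)} octets")
    z = bytes(range(32))  # constructed sample value, not a real shared secret
    print(x963_kdf("sha256", z, 48, b"constructed-info").hex())
```

For the 512-bit-block algorithms the bound is 2**61 - 1 octets, which is the value that can matter in practice; for SHA-384 and SHA-512 it is 2**125 - 1.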
