ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [TLS] Last Call: <draft-kanno-tls-camellia-00.txt> (Additionx

2011-03-08 11:20:56
from [Martin Rex] [Permanent Link] 
Eric Rescorla wrote:


I don't understand this reasoning. Why does the output size of the
pre-truncated PRF
influence the desirable length of the verify_data (provided that the
output size is > than
the length of the verify_data of course).


One of the purposes of a cryptographic hash function is to protect
from collisions (both random and fabricated collisions).

Cutting down the SHA-384 output from 48 to 12 octets significantly impairs
its ability to protect from collisions.  It's comparable to
truncating the SHA-1 output from 20 to 5 octets.

Unless you have _a_very_good_reason_ to truncate a hash output
so severely, you very probably should not do it.


-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-herzog-static-ecdh-04.txt> (Use of static-static Elliptic-Curve Diffie-Hellman key agreement in Cryptographic Message Syntax) to Informational RFC, Herzog, Jonathan - 0668 - MITLL
Next by Date:  Re: [TLS] Last Call: <draft-kanno-tls-camellia-00.txt> (Additionx, Eric Rescorla
Previous by Thread:  Re: [TLS] Last Call: <draft-kanno-tls-camellia-00.txt> (Additionx, Eric Rescorla
Next by Thread:  Re: [TLS] Last Call: <draft-kanno-tls-camellia-00.txt> (Additionx, Eric Rescorla
Indexes:  [Date] [Thread] [Top] [All Lists]