IETF-SSH archive


Re: SHA-2 based HMAC algorithm...



Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> writes:

> Hmm, are you sure you want to try and get all that in an RFC?  

I suppose RFC 4432 already has the rsa2048-sha256 covered and using
ECDH from RFC 5656 for KEX addresses the issues with DH not really
using sha256. Adding hmac-sha256 is likely going to be faster than
using AEAD_AES_128_GCM.

So, yes, it would be best to do the hmac-sha2 stuff first and let
RFCs 4432, 5647 and 5656 address the bit strength issues of NIST SP
800-131.

	-- Mark


