Openssh hash request
Stephen J. Smoogen
smooge at gmail.com
Mon Oct 17 23:49:51 EST 2005
On 10/16/05, Damien Miller <djm at mindrot.org> wrote:
> On Fri, 14 Oct 2005, Stephen J. Smoogen wrote:
>
>
> For the per-packet MAC, only HMAC-SHA1 and HMAC-MD5 are supported. In
> reality, even these are overkill (in terms of MAC length).
>
> Wang, Yin and Yu's results on SHA1 don't matter for its use in HMAC
> anyway.
>
> > 2) How long do you want your message to be secure? If you say
> > forever... then you are best off not saying anything. If you say 100
> > years.. it would probably be best not to say anything. If you are
> > looking for 10 years then does the search space time for 2^60 or more
> > fit into that time frame. (Searching 2^30 (approx 1 billion keys) a
> > second it would take 34 years to search for this. This doesnt take in
> > account parrelization or other items).
>
> Finding a hash collision doesn't render your encrypted messages
> vulnerable.
>
Thanks Damien for taking the time to clarifying me. After Theo's
email, I read the HMAC RFC and then some crypto books to clarify what
my mistakes were. I realized I was wrong on several levels because of
mis-thinking that the SHA-1 problem was a way to bounce back an
unencrypted packet versus a collision. The assumptions I was making
was that the plain text was always a set size and no key was involved.
Both of these assumptions are invalid.
I should not have posted part 2 before doing that reading... I would
have realized the whole question was mute.
Again thankyou for taking the time to clarify. You guys are busy
enough and I should have kept my mouth shut.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
More information about the openssh-unix-dev
mailing list