
Re: Use of AES as prf in IKEv2



Some claim that the rationale for using AES for MAC'ing in addition to symmetric crypto is to reduce the code footprint. Using SHA to pre-hash the key would defeat that.

If truncating the nonces is lossy (which is only true if your PRNG is bad) then why not just use XOR? [Assume 128 bit AES.] Divide up the keystream into 128 bit blocks and XOR them all together.

If someone is going to claim that XORing the 2 nonces together is insecure, then you could still XOR the nonces into two separate 64 bit blocks.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.
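
An added illustration of the two folding options in the message above (not part of the original message or of any IKEv2 draft), also showing the property behind the objection it anticipates: with one 128-bit fold the party that picks its nonce last fixes the whole key, while with separate 64-bit folds it affects only its own half. It assumes Ni | Nr is the variable-length key being reduced to a 128-bit AES key, zero-pads a short final block, and reads the second option as a 64-bit fold of each nonce, concatenated; all function names are hypothetical.

```python
# Added example: names are hypothetical, nonces below are constructed samples.

def xor_fold(data: bytes, block_len: int) -> bytes:
    """XOR consecutive block_len-byte blocks together.
    Assumption: a short final block is treated as zero-padded."""
    out = bytearray(block_len)
    for i, b in enumerate(data):
        out[i % block_len] ^= b
    return bytes(out)

def key_fold_all(ni: bytes, nr: bytes) -> bytes:
    """Option 1: fold Ni | Nr into a single 128-bit key."""
    return xor_fold(ni + nr, 16)

def key_fold_split(ni: bytes, nr: bytes) -> bytes:
    """Option 2 (one reading): 64-bit fold of Ni, then 64-bit fold of Nr."""
    return xor_fold(ni, 8) + xor_fold(nr, 8)

def last_mover_nonce(ni: bytes, target: bytes) -> bytes:
    """Design check: the 16-byte Nr for which key_fold_all(ni, Nr) == target.
    One exists for every target, so the second nonce alone fixes the key."""
    base = xor_fold(ni, 16)
    nr = bytearray(16)
    for j in range(16):
        p = (len(ni) + j) % 16      # where byte j of Nr lands in the fold
        nr[j] = base[p] ^ target[p]
    return bytes(nr)

if __name__ == "__main__":
    ni = bytes((7 * i + 3) % 256 for i in range(20))    # constructed Ni
    nr = bytes((11 * i + 5) % 256 for i in range(24))   # constructed Nr
    print("fold all  :", key_fold_all(ni, nr).hex())
    print("fold split:", key_fold_split(ni, nr).hex())
    chosen = last_mover_nonce(ni, bytes(16))
    print("fold all,   Nr picked after seeing Ni:", key_fold_all(ni, chosen).hex())
    print("fold split, same Nr                  :", key_fold_split(ni, chosen).hex())
```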



