Des and 3DES PRF: 16 or 8 bytes
dodavis at redhat.com
Thu Apr 30 20:56:19 EDT 2009
hi, sam --
i think an 8 byte hash is sufficiently limited nowadays to justify
using 16 byte as the prf output size.
- don davis, redhat
Sam Hartman wrote:
> Folks, it was not clear in the discussion at IETf 74 whether we wanted
> to have the RFC 3961 PRF for 3DES change to be an 8-byte output or
> not. Currently if you assume that the text says to truncate to the
> nearest multiple of m, then the 3DES PRF should be 16 bytes.
> As far as I can tell, no one is shipping DES or 3DES PRF, but I only
> checked Heimdal up through 1.2.
> My assumption for MIT is that we want to be consistent with RFC 3961
> except for AES.
> So, that would mean that
> des: cbc-encrypt(md5(prf_input))
> 3des: cbc-encrypt(sha-1(prf_input) trunc to 128-bits) with
> rc4: hmac-sha1(prf_input) with key
> aes: ecb-encrypt(sha-1(prf_input) trunc to 128-bits) with dk(key,
> Do people agree with that? If MIT should do something different for
> DES or 3DES, now would be the right time to speak up. We're fairly
> committed to our RC4 and AES implementations.
> krbdev mailing list krbdev at mit.edu
More information about the krbdev