Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec

Frankel, Sheila E.; Kelly, Scott

doi:10.17487/rfc4868

Cited by 40 publications

(27 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This type of Rekey ACK is identical to the REKEY_ACK_KEK_SHA256 Type, except that the prf is PRF-HMAC-SHA-512 (defined in [RFC4868]). …”

Section: Rekey_ack_kek_sha512 Typementioning

confidence: 99%

See 1 more Smart Citation

Group Domain of Interpretation (GDOI) GROUPKEY-PUSH Acknowledgement Message

Mangla¹,

Karl²,

Weis³

et al. 2017

View full text Add to dashboard Cite

“…This type of Rekey ACK is identical to the REKEY_ACK_KEK_SHA256 Type, except that the prf is PRF-HMAC-SHA-512 (defined in [RFC4868]). …”

Section: Rekey_ack_kek_sha512 Typementioning

confidence: 99%

“…If the base_key is smaller than the prf block size (i.e., 512 bits for PRF-HMAC-SHA-256), then it is zero-filled to the right, as specified in Section 2.1.2 of [RFC4868].…”

Section: Hashmentioning

confidence: 99%

Group Domain of Interpretation (GDOI) GROUPKEY-PUSH Acknowledgement Message

Mangla¹,

Karl²,

Weis³

et al. 2017

View full text Add to dashboard Cite

“…IETF RFC 4868 [46] specifies HMAC-SHA-256-128, i.e., HMAC with SHA-256 [32] as the underlying hash function and parameters r=d=256 and t=128, presumably intended to achieve a 128-bit security level. Since r ≫ t, Attack 1 is certain to fail when HMAC-SHA-256-128 is used in the multi-user setting.…”

Section: An Attack On Mac*mentioning

confidence: 99%

Another Look at Tightness

Chatterjee

Menezes

Sarkar

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar deficiencies in the security assurances provided by non-tight proofs when we analyze some protocols in the literature including ones for network authentication and aggregate MACs. Our observations call into question the practical value of non-tight reductionist security proofs. We also exhibit attacks on authenticated encryption schemes, disk encryption schemes, and stream ciphers in the multi-user setting.

show abstract

“…HMAC-SHA1 keys will consist of 160 bits [RFC2404], and HMAC-MD5 keys will consist of 128 bits [RFC2403]. HMAC-SHA2 and AES-GMAC keys will have a key length equal to the output length of the hash functions [RFC4868] [RFC4543].…”

Section: Tek_integrity_keymentioning

confidence: 99%