Re: AES-CMAC - MAC lengths other than 128 from Richard Barnes on 2014-02-21 (public-webcrypto@w3.org from February 2014)

From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 21 Feb 2014 10:24:49 -0500
To: Jim Schaad <ietf@augustcellars.com>
Cc: Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAL02cgQpVQrCOYDJyc=fVU+pM=uxCKyE02b1HwNsH8U0W4SiOw@mail.gmail.com>

For generation: Can't the JS truncate the MAC after it gets the full result
back?

For verification: I'm wary of having the API accept arbitrarily short MACs.
 You would need to specify acceptable lengths in order to avoid things like
an 8-bit MAC being accepted.  Is there standard practice / documentation
for these lengths?

On Thu, Feb 20, 2014 at 10:55 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> Starting with the editorial note in section 18.12.1 - I would be  a strong
> advocate that MAC lengths other than 128 should be supported by the
> algorithm.  There is a section of the security community (no comment as it
> the correctness of its view) that states that security is increased by
> truncating the MAC from 128 to 96 bits.  This is a feature that people will
> want supported.
>
>
>
> Jim
>
>
>

Received on Friday, 21 February 2014 15:25:16 UTC