RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is superfluous from Pratik Datta on 2011-10-17 (public-xmlsec@w3.org from October 2011)

From: Pratik Datta <pratik.datta@oracle.com>
Date: Mon, 17 Oct 2011 13:08:26 -0700 (PDT)
To: Magnus Nystrom <mnystrom@microsoft.com>, "XMLSec WG Public List (public-xmlsec@w3.org)" <public-xmlsec@w3.org>
Message-ID: <40a75d86-d494-4c3e-82a2-0d86b385938b@default>

Even the original Diffie Helman of XML encryption 1.0, which we now call "legacy KDF"  does not have keydatalen.

So I think we should not have KeyLength anywhere.  

Another thing to compare with is wsc:DerivedKeyToken  http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html#_Toc162064057
Here the /wsc:DerivedKeyToken/wsc:Length  is optional

Pratik

-----Original Message-----
From: Magnus Nystrom [mailto:mnystrom@microsoft.com] 
Sent: Monday, October 17, 2011 10:03 AM
To: Pratik Datta; XMLSec WG Public List (public-xmlsec@w3.org)
Subject: RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is superfluous

True. Perhaps we should instead add the KeyDatalen to ConcatKDF (at least as an optional?)?

I am a little wary at doing any changes to the schema at this late point though given that what we have apparently works - but I can see the inconsistency. I'd rather not change the PBKDF2 schema though since we currently have alignment with the schema for PKCS #5 - the same elements & attributes.

-- Magnus


> -----Original Message-----
> From: Pratik Datta [mailto:pratik.datta@oracle.com]
> Sent: Monday, October 17, 2011 9:25 AM
> To: Magnus Nystrom; XMLSec WG Public List (public-xmlsec@w3.org)
> Subject: RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is
> superfluous
> 
> Even for ConcatKDF, "keydatalen" is a required input to the algorithm.
> But we don't have that as a parameter for ConcatKDF. It needs to be inferred.
> 
> Pratik
> 
> -----Original Message-----
> From: Magnus Nystrom [mailto:mnystrom@microsoft.com]
> Sent: Monday, October 17, 2011 8:57 AM
> To: XMLSec WG Public List (public-xmlsec@w3.org)
> Subject: RE: In XML encryption 1.1, the PBKDF2-params/KeyLength is
> superfluous
> 
> Pratik wrote:
> 
> > Can we remove the  KeyLength parameter in  PBKDF2 ?
> > In the other two key derivation functions - ConcatKDF and
> > LegacyKeyDerivation, the length of the key to be derived is not specified ,
> rather it needs to be inferred from the context.  We should have PBKDF2  also
> behave similarly.
> 
> I don't see how one could do this as the KeyLength is an integral part of the
> PBKDF2 algorithm. For example, it is used to determine how many blocks of
> hash output that is required. I'd recommend not trying to change this at this
> point.
> 
> -- Magnus
> 
>

Received on Monday, 17 October 2011 20:09:12 UTC