[ntp:hackers] How to find hash length without calculating a hash?

Brian Utterback brian.utterback at oracle.com
Sat Jun 4 15:03:53 UTC 2016


On 6/2/2016 10:55 PM, Danny Mayer wrote:
> On 5/31/2016 11:03 PM, brian utterback wrote:
>> Is there any way to determine the expected hash length for an
>> indeterminate hash object without actually calculating the hash?
> See EVP_MD_size().
>
> Danny
>

Thanks, Danny.

I am interested in the answers to the questions that Harlan posed, and I 
also have a couple of comments. I haven't finished reading the discussion 
from when the draft was first published; I am afraid I didn't have the 
cycles at the time to keep up. I think it is not unreasonable to allow 
for multiple MACs in the extension, but perhaps it might be better 
handled with having multiple MAC extension fields in the packet. I do 
wonder why the lengths are all up front since that makes it more 
difficult to construct the field. I also question the decision in the 
draft that says that the MAC only covers the data up to but not 
including the MAC extension, which Harlan affirmed in his message. I 
think that is wrong, that it should include all of the data up to the 
beginning of the MAC, including the keyid.

Also, I have spent a considerable amount of time looking at the 
modifications necessary to add extensions to the reference code and I am 
very strongly of the opinion that the extension MAC should not be 
allowed with a legacy MAC. In fact, at this point in time I would say 
that a legacy MAC should only be allowed by itself or with the current 
AUTOKEY extensions and no others. I am not ideological about the point; 
it is just that using those two restrictions, plus one more saying 
that extension fields, if used, must total more than 24 bytes, 
allows for a fairly simple algorithm to parse packets both old and 
new. The current situation doesn't allow for a deterministic algorithm 
at all. If I could find an algorithm, or someone else tells me one, I 
would be happy to relax that restriction.

-- 
Oracle <http://www.oracle.com>
Brian Utterback | Principal Software Engineer
Phone: +1 6038973049
Oracle Systems/RPE Solaris Network
1 Oracle Dr. | Nashua, NH 03062
------------------------------------------------------------------------
All working systems eventually show their own agendas.
------------------------------------------------------------------------
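
Added example, not part of the original message and not ntpd reference code: one possible reading of the three restrictions proposed above (no legacy MAC alongside an extension MAC, a legacy MAC only alone or after AUTOKEY extensions, extension fields totalling more than 24 bytes) as a length-driven classifier for the bytes after the NTP header. Assumptions: a 48-byte header, legacy MACs of 20 or 24 bytes (4-byte keyid plus MD5 or SHA-1 digest), extension fields that start with a big-endian 16-bit type and 16-bit length, and a placeholder `is_autokey()` test with a constructed type value; the 4-byte crypto-NAK case is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR 48       /* fixed NTP header length (assumed, RFC 5905) */
#define MAC_MD5 20   /* legacy MAC: 4-byte keyid + 16-byte MD5 digest */
#define MAC_MAX 24   /* legacy MAC: 4-byte keyid + 20-byte SHA-1 digest */
enum trailer { T_INVALID, T_NONE, T_LEGACY_MAC, T_EXT_ONLY, T_EXT_LEGACY_MAC };

/* Placeholder for "is this an AUTOKEY field type"; 0x0002 is a constructed value. */
static int is_autokey(uint16_t type) { return type == 0x0002; }
static int is_mac_len(size_t n) { return n == MAC_MD5 || n == MAC_MAX; }

/* Classify the bytes after the header using lengths and field types only. */
enum trailer classify_trailer(const uint8_t *pkt, size_t len)
{
    if (len < HDR || (len - HDR) % 4 != 0) return T_INVALID;
    size_t off = HDR, left = len - HDR;
    int all_autokey = 1;
    if (left == 0) return T_NONE;
    if (is_mac_len(left)) return T_LEGACY_MAC;  /* too short to be extensions */
    if (left <= MAC_MAX) return T_INVALID;      /* extensions must total > 24 */
    while (left > 0) {
        /* A legacy MAC may only follow AUTOKEY fields that total > 24 bytes. */
        if (all_autokey && off - HDR > MAC_MAX && is_mac_len(left))
            return T_EXT_LEGACY_MAC;
        uint16_t type = (uint16_t)(pkt[off] << 8 | pkt[off + 1]);
        size_t flen = (size_t)(pkt[off + 2] << 8 | pkt[off + 3]);
        if (flen < 4 || flen % 4 != 0 || flen > left) return T_INVALID;
        if (!is_autokey(type)) all_autokey = 0;
        off += flen;
        left -= flen;
    }
    return T_EXT_ONLY;  /* no legacy MAC; any MAC would be an extension field */
}

/* Constructed packet: header, one extension field, then mac_len trailing bytes. */
enum trailer demo(uint16_t type, size_t ext_len, size_t mac_len)
{
    uint8_t pkt[HDR + 256];
    memset(pkt, 0xAA, sizeof pkt);  /* filler that never parses as a valid field */
    pkt[HDR] = (uint8_t)(type >> 8);
    pkt[HDR + 1] = (uint8_t)(type & 0xff);
    pkt[HDR + 2] = (uint8_t)(ext_len >> 8);
    pkt[HDR + 3] = (uint8_t)(ext_len & 0xff);
    return classify_trailer(pkt, HDR + ext_len + mac_len);
}

int main(void) { return demo(0x0002, 28, 20) == T_EXT_LEGACY_MAC ? 0 : 1; }
```

Under these assumptions a 20- or 24-byte tail after AUTOKEY fields is always taken as the legacy MAC, which is a choice of this sketch rather than something the message specifies.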