[ntp:hackers] How to find hash length without calculating a hash?
Brian Utterback
brian.utterback at oracle.com
Sat Jun 4 15:03:53 UTC 2016
On 6/2/2016 10:55 PM, Danny Mayer wrote:
> On 5/31/2016 11:03 PM, brian utterback wrote:
>> Is there any way to determine the expected hash length for an
>> indeterminate hash object without actually calculating the hash?
> See EVP_MD_size().
>
> Danny
>
Thanks, Danny.
I am interested in the answers to the questions that Harlan posed, also
a couple of comments I have. I haven't finished reading the discussion
from when the draft was first published, I am afraid I didn't have the
cycles at the time to keep up. I think it is not unreasonable to allow
for multiple MACs in the extension, but perhaps it might be better
handled with having multiple MAC extension fields in the packet. I do
wonder why the lengths are all up front since that makes it more
difficult to construct the field. I also question the decision in the
draft that says that the MAC only covers the data up to but not
including the MAC extension, which Harlan affirmed in his message. I
think that is wrong, that it should include all of the data up to the
beginning of the MAC, including the keyid.
Also, I have spent a considerable amount of time looking at the
modifications necessary to add extensions to the reference code and I am
very strongly of the opinion that the extension MAC should not be
allowed with a legacy MAC. In fact, at this point in time I would say
that a legacy MAC should only be allowed by itself or with the current
AUTOKEY extensions and no others. I am not ideological about the point,
it is just that using those two restrictions plus one more of saying
that extension fields, if used, must total to more than 24 bytes. These
rules allow for a fairly simple algorithm to parse packets both old and
new. The current situation doesn't allow for a deterministic algorithm
at all. If I could find an algorithm or someone else tells me one, I
would be happy to relax that restriction.
--
Oracle <http://www.oracle.com>
Brian Utterback | Principal Software Engineer
Phone: +1 6038973049
Oracle Systems/RPE Solaris Network
1 Oracle Dr. | Nashua, NH 03062
------------------------------------------------------------------------
All working systems eventually show their own agendas.
------------------------------------------------------------------------
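
One way to parse a packet trailer by length under the restrictions proposed in the message above (a legacy MAC is never combined with extension fields, and extension fields total more than 24 bytes). This is an added example, not code from the message or from the NTP reference implementation: the function and enum names are hypothetical, the extension field layout (16-bit type, then a 16-bit big-endian length covering the whole field) is assumed from RFC 5905, and the Autokey-with-legacy-MAC case is not handled.

```c
#include <stddef.h>
#include <stdint.h>

#define NTP_HEADER_LEN 48   /* fixed NTP header */
#define LEGACY_MAC_MAX 24   /* threshold from the message: 4-byte keyid + 20-byte digest */

enum trailer { TRAILER_INVALID, TRAILER_NONE, TRAILER_LEGACY_MAC, TRAILER_EXTENSIONS };

/* Decide what follows the header from the remaining length alone, then
 * check that the extension fields cover the remainder exactly. */
enum trailer classify_trailer(const uint8_t *pkt, size_t len)
{
    size_t rem;
    const uint8_t *p;

    if (pkt == NULL || len < NTP_HEADER_LEN)
        return TRAILER_INVALID;
    rem = len - NTP_HEADER_LEN;
    if (rem % 4 != 0)
        return TRAILER_INVALID;
    if (rem == 0)
        return TRAILER_NONE;
    if (rem <= LEGACY_MAC_MAX)          /* too short to be extension fields */
        return TRAILER_LEGACY_MAC;

    /* More than 24 bytes: extension fields all the way to the end. */
    p = pkt + NTP_HEADER_LEN;
    while (rem > 0) {
        size_t flen = ((size_t)p[2] << 8) | p[3];
        if (flen < 4 || flen % 4 != 0 || flen > rem)
            return TRAILER_INVALID;     /* field length does not fit */
        p += flen;
        rem -= flen;
    }
    return TRAILER_EXTENSIONS;
}

/* Constructed sample input: zeroed header, n fields of flen bytes each
 * (type 0 is a placeholder), then `tail` zero bytes (tail <= 32). */
enum trailer classify_sample(size_t n, uint16_t flen, size_t tail)
{
    uint8_t pkt[NTP_HEADER_LEN + 256] = {0};
    size_t off = NTP_HEADER_LEN, i;

    for (i = 0; i < n && off + flen <= sizeof pkt - 32; i++, off += flen) {
        pkt[off + 2] = (uint8_t)(flen >> 8);
        pkt[off + 3] = (uint8_t)flen;
    }
    return classify_trailer(pkt, off + tail);
}
```

A lone 16-byte extension field is classified as a legacy MAC here, because by length alone it cannot be told apart from one; that is the case the more-than-24-bytes rule excludes.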