--- This message came from the IEEE 802.11 Working Group Reflector ---
Hello,
I may not be at the 11mc session where 11-14/1104r1 is presented so I want to get discussion on it started on the mailing list.
There are some issues with the proposed description of various designations of the Secure Hash Algorithm family of hash functions. In an effort to obtain what the author views as "consistency" he has introduced ambiguity and, in my opinion, incorrectness.
There are 3 families of the Secure Hash Algorithm. There's the 1st family of SHA, (which is just designated SHA1) and there's the 2nd family of SHA (known as SHA2) which is SHA256 and SHA512, including truncated versions of each, SHA224 is a truncated version of SHA256 and SHA384 is a truncated version of SHA512. The 3rd family of SHA, SHA3 is a weird beast that we don't need to trouble ourselves with since we're not using it.
It is important to understand, though, that SHA1, SHA256, and SHA512 are different. They are not just truncated versions of the same function. And while SHA256 does actually produce 256-bits of digest output, SHA1 does not produce 1-bit of digest output, it produces 160-bits. But we (802.11) do truncate the output of SHA family hash functions. For instance, we sometimes want only the first 128-bits of SHA1. Just to make things more complicated, we also use the HMAC construct with a SHA family algorithm.
So how to deal with identifying the appropriate algorithm in the appropriate family of SHA, whether it is alone or as HMAC, and how to identify the particular output bit length that we are concerned with? 11-14/1104r1 does a poor job. Let me propose a better way:
* the particular algorithm of the family is used without any hyphens -- for example, it's SHA256 not SHA-256, and it's SHA1 always.
* when we want to truncate we add a hyphen and indicate the bit length we want to use -- for example, it's SHA256-128 (not sure why we'd do this but it's an example) or SHA1-128.
* if we don't add a hyphen and number indicating truncation then the entire length of the algorithm output is used.
* if we want to use the HMAC construct we prepend "HMAC-" to the SHA family algorithm indicated, including any possible indication of truncation -- for example, HMAC-SHA256 or HMAC-SHA1-128.
* if we don't prepend "HMAC-" then we are using the algorithm directly, and not as a keyed hash function.
While 11-14/1104r1 does this correctly in some cases -- it proposes to change "HMAC-SHA-256" to "HMAC-SHA256" -- it does it wrong in other cases -- it proposes to change "SHA1" to "SHA-1".
Also, if we adopt this more correct way of referring to these various incarnations of hashing we do not need to say something like "Truncate-128(HMAC-SHA1(xxx))" we just say "HMAC-SHA1-128(xxx)".
Minor grammatical gripe: there is no such algorithm called "HMAC-SHA1-64", or even "HMAC-SHA-1-64" so we should not be using the definite article when describing the use of SHA1 in an HMAC construct while truncating the output to 64 bits.
Please modify 11-14/1104r1 to adopt this more correct terminology before it gets adopted.
regards,
Dan.
If you wish to be removed from this reflector, do not send your request to this reflector - it will have no effect.
Instead, go to http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11 and then press the LEAVE button.
If there is no LEAVE button here, try http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-RO.
Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html
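
The naming rules proposed in the message above, as an added example that is not part of the original e-mail or of any 802.11 document: a Python parser for designations of the form [HMAC-]SHAn[-bits] that evaluates them with the standard hashlib and hmac modules. The function names, the table of full output lengths and the whole-octet restriction on truncation are assumptions of this example.

```python
import hashlib
import hmac
import re

# Full output length in bits for each algorithm the message names.
FULL_BITS = {"SHA1": 160, "SHA224": 224, "SHA256": 256, "SHA384": 384, "SHA512": 512}

# [HMAC-]<algorithm>[-<truncated bit length>]; no hyphen inside the algorithm name.
_DESIGNATION = re.compile(r"(HMAC-)?(SHA\d+)(?:-(\d+))?")


def parse_designation(name):
    """Return (keyed, algorithm, output_bits) or raise ValueError."""
    m = _DESIGNATION.fullmatch(name)
    if m is None or m.group(2) not in FULL_BITS:
        raise ValueError(f"not a valid designation: {name!r}")
    keyed, alg = m.group(1) is not None, m.group(2)
    bits = int(m.group(3)) if m.group(3) else FULL_BITS[alg]
    # Assumption of this example: truncation is to whole octets and never
    # longer than the algorithm's full output.
    if bits == 0 or bits % 8 or bits > FULL_BITS[alg]:
        raise ValueError(f"bad truncation length in {name!r}")
    return keyed, alg, bits


def compute(name, data, key=None):
    """Evaluate the designated function, keeping the first output_bits bits."""
    keyed, alg, bits = parse_designation(name)
    if keyed != (key is not None):
        raise ValueError("a key is required for HMAC- designations and only for them")
    hash_name = alg.lower()  # hashlib spells these sha1, sha256, ...
    if keyed:
        digest = hmac.new(key, data, hash_name).digest()
    else:
        digest = hashlib.new(hash_name, data).digest()
    return digest[: bits // 8]


if __name__ == "__main__":
    # Constructed sample designations, including hyphenated forms the rules reject.
    for n in ("SHA1", "SHA1-128", "HMAC-SHA256", "HMAC-SHA1-128", "SHA-1", "HMAC-SHA-256"):
        try:
            print(n, "->", parse_designation(n))
        except ValueError as e:
            print(n, "-> rejected:", e)
```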