
Re: p1619.1 document (tape), draft version 0.4



We have some challenges.

The CCM spec does not allow long IVs.

Thinking out loud... If we do not want to use SHA-1, would it be
possible to use K2 = E_k1(id) or K2 = E_id(k1), where k1 is the key
provided, id is a 16-byte vendor-unique value (or standard name), and K2
is the actual media key? This way, we don't introduce a new algorithm
into the standard (more algorithms, more potential weaknesses).

jim

On Jan 5, 2006, at 3:12 PM, Landon Noll wrote:

>> There are two ways that I see to solve the IV collision issue:
>>
>> 1. Allow longer IVs: The GCM spec allows IVs of any size, we can just
>>    do the same for 1619.1, and leave it to the application to decide how
>>    to set the IV and to what size. The application can then set the IV to
>>    include the vendor-ID and whatever else it wants to put there. (Does
>>    the CCM spec allow long IVs?) just allow any-size IV and put some
>>    appendix that describes the multi-vendor IV issue and sketches the two
>>    solutions above.
>
> I strongly favor this option.
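The two constructions proposed above (K2 = E_k1(id) and K2 = E_id(k1)) and the long-IV option from the quoted text, worked through as an added example in Go. This is not code from the P1619.1 draft or from anyone on the thread. It assumes AES-128, a 16-byte id, and a hypothetical 24-byte IV layout of vendor-id || 64-bit record counter; the key, vendor ids and record contents are constructed sample values. It goes slightly beyond the message by showing both key derivations side by side and by running the derived key through AES-GCM with a nonce longer than the 12-byte default, which is the case CCM's 7-to-13-byte nonce cannot accommodate.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed sample values for the example; not values from the draft.
var (
	sampleK1     = []byte("0123456789abcdef") // 16-byte key provided to the drive
	vendorAcmeID = []byte("ACME-TAPE-VENDOR") // hypothetical 16-byte vendor-unique id
	vendorZetaID = []byte("ZETA-TAPE-VENDOR") // a second hypothetical vendor id
)

// DeriveMediaKeyEK1 is "K2 = E_k1(id)": one raw AES block encryption of the
// 16-byte id under the provided key k1. The output block becomes the media key K2.
func DeriveMediaKeyEK1(k1, id []byte) ([]byte, error) {
	if len(id) != aes.BlockSize {
		return nil, fmt.Errorf("id must be %d bytes, got %d", aes.BlockSize, len(id))
	}
	b, err := aes.NewCipher(k1) // k1 must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	k2 := make([]byte, aes.BlockSize)
	b.Encrypt(k2, id)
	return k2, nil
}

// DeriveMediaKeyEID is the alternative "K2 = E_id(k1)": the id is used as the
// AES key and k1 is the block being encrypted, so k1 must be exactly one block.
func DeriveMediaKeyEID(k1, id []byte) ([]byte, error) {
	if len(k1) != aes.BlockSize {
		return nil, fmt.Errorf("k1 must be %d bytes for E_id(k1), got %d", aes.BlockSize, len(k1))
	}
	b, err := aes.NewCipher(id)
	if err != nil {
		return nil, err
	}
	k2 := make([]byte, aes.BlockSize)
	b.Encrypt(k2, k1)
	return k2, nil
}

// VendorIV builds an assumed 24-byte GCM IV: vendorID || big-endian record counter.
// The counter must never repeat under the same K2; persist it across power cycles.
func VendorIV(vendorID []byte, counter uint64) ([]byte, error) {
	if len(vendorID) != 16 {
		return nil, fmt.Errorf("vendor id must be 16 bytes, got %d", len(vendorID))
	}
	iv := make([]byte, 16+8)
	copy(iv, vendorID)
	binary.BigEndian.PutUint64(iv[16:], counter)
	return iv, nil
}

// SealRecord encrypts one record with AES-GCM using the full-length IV.
// CCM (RFC 3610) would reject this IV: its nonce is limited to 7..13 bytes.
func SealRecord(k2, iv, plaintext, aad []byte) ([]byte, error) {
	b, err := aes.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCMWithNonceSize(b, len(iv))
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, iv, plaintext, aad), nil
}

// OpenRecord is the inverse; it fails if ciphertext, IV or AAD were altered.
func OpenRecord(k2, iv, ciphertext, aad []byte) ([]byte, error) {
	b, err := aes.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCMWithNonceSize(b, len(iv))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, iv, ciphertext, aad)
}

func main() {
	kA, _ := DeriveMediaKeyEK1(sampleK1, vendorAcmeID)
	kB, _ := DeriveMediaKeyEK1(sampleK1, vendorZetaID)
	fmt.Printf("same k1, different ids give different K2: %v\n", !bytes.Equal(kA, kB))
	iv, _ := VendorIV(vendorAcmeID, 1)
	ct, _ := SealRecord(kA, iv, []byte("tape record 1"), []byte("record-header"))
	pt, err := OpenRecord(kA, iv, ct, []byte("record-header"))
	fmt.Printf("round trip ok: %v (%q, err=%v)\n", err == nil, pt, err)
}
```

With E_k1(id), two vendors sharing the same provided key but using distinct ids get distinct media keys, and nothing beyond the AES block cipher is needed, which is the point of the proposal; the IV layout and counter handling are the caller's responsibility in either option, and the 24-byte nonce above only works because GCM, unlike CCM, accepts arbitrary nonce lengths.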