RE: p1619.1 document (tape), draft version 0.4
- To: "SISWG" <stds-p1619@xxxxxxxx>
- Subject: RE: p1619.1 document (tape), draft version 0.4
- From: "Matt Ball" <matt.ball@xxxxxxxxxxx>
- Date: Wed, 18 Jan 2006 15:40:01 -0700
- Sender: stds-p1619@xxxxxxxx
- Thread-Index: AcYSCWzfUa0Tz5VgSgG/zkhms4P3/wABrYbQApvanAA=
- Thread-Topic: p1619.1 document (tape), draft version 0.4
I wanted to put out a quick correction to this e-mail I sent on Jan 5th:
The actual GMAC specification requires hashing the IV if its length does not equal exactly 96 bits. As an example, a 64-bit IV gets hashed.
Sorry for the confusion.
-Matt
-----Original Message-----
From: stds-p1619@IEEE.ORG [mailto:stds-p1619@IEEE.ORG]On Behalf Of Matt Ball
Sent: Thursday, January 05, 2006 10:17 AM
To: Shai Halevi; SISWG
Subject: RE: p1619.1 document (tape), draft version 0.4
Here are a couple of comments on using an arbitrarily long IV:
-----------------------------------------------------------
According to the GMAC specification, here are the two ways to create Y0 (the first input into the AES engine):
Y0 = IV || 0x00000001 (if length(IV) = 96 bits)
Y0 = GHASH(H, {}, IV) (if length(IV) > 96 bits)
(practically speaking, if length(IV) < 96 bits, then zero fill until length(IV) = 96 bits)