TextSecure paper apparently also dings them for truncating SHA-2 hashes. Think of the findings you doc when you have nothing good to doc.
@BRIAN_____ @kyhwana yeah this may be pentester bias showing through.
@BRIAN_____ @kyhwana OTOH: truncation of MACs is a basic design feature of most MAC constructions, right?
@BRIAN_____ @tqbf @kyhwana truncated PRF is still a PRF, HMAC is a PRF, PRFs are MACs, this is trivial.
@trevp__ @brian_____ @kyhwana @tqbf It used to be considered an open question whether truncated md5/sha1 was ok. NIST fixed that.
@BRIAN_____ @marshray @kyhwana @tqbf I just gave you the proof! It's obviously secure if you believe well known proofs that hmac is a prf.
@trevp__ @marshray @kyhwana @tqbf I responded on the mailing list: https://moderncrypto.org/mail-archive/messaging/2014/001034.html …
@BRIAN_____ @trevp__ @kyhwana @tqbf http://tools.ietf.org/html/rfc2104#section-5 … "A well-known practice with msg authentication codes is to truncate the output"
@BRIAN_____ @kyhwana A little like complaining that a protocol doesn’t use the full space of, say, CCM or GCM auth tag.