TextSecure paper apparently also dings them for truncating SHA-2 hashes. Think of the findings you doc when you have nothing good to doc.
@BRIAN_____ @tqbf @kyhwana truncated PRF is still a PRF, HMAC is a PRF, PRFs are MACs, this is trivial.
@trevp__ @brian_____ @kyhwana @tqbf It used to be considered an open question whether truncated md5/sha1 was ok. NIST fixed that.
@BRIAN_____ @marshray @kyhwana @tqbf I just gave you the proof! It's obviously secure if you believe well known proofs that hmac is a prf.
@trevp__ @marshray @kyhwana @tqbf I responded on the mailing list: https://moderncrypto.org/mail-archive/messaging/2014/001034.html …
@BRIAN_____ @trevp__ @kyhwana @tqbf http://tools.ietf.org/html/rfc2104#section-5 … "A well-known practice with msg authentication codes is to truncate the output"
@BRIAN_____ @tqbf @kyhwana Look up Koblitz's NMAC paper, for example; the proof is symmetric. (Or I think there's a Bellare one too...)