David Wagner <d...@cs.berkeley.edu> writes:

>(You could replace AES-CMAC with SHA1-HMAC, but why would you want to?)

The answer to that depends on whether you need to support an existing base of
crypto software and hardware.  Even though (in this case) it's a new standard,
it still requires support from the underlying crypto libraries.  If little or
none of those do AES-CMAC yet (I don't think Windows CryptoAPI does, only very
recent versions of OpenSSL do... it's not looking good) then you'd want to
stick with HMAC-SHA1.

(Forestalling the inevitable "but developers can implement AES-CMAC themselves 
from raw AES" that I'm sure someone will follow up with, the target audience 
for this is web application developers, not cryptographers, so you need to 
give them something that works as required out of the box).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to