Re: [Gen-art] Gen-ART Telechat Review of draft-ietf-csi-hash-threat-09

Tue, 09 Mar 2010 20:00:42 -0800 

Hi Pete,
  Thanks for the comments. Please see responses inline.

On 10-03-09 05:32 PM, McCann Peter-A001034 wrote:

I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before
posting a new version of the draft.

Document: draft-ietf-csi-hash-threat-09
Reviewer: Pete McCann
Review Date: 09 March 2010
IESG Telechat date: 11 March 2010
Summary: A couple of minor issues, and numerous editorial fixes are needed before publication. 

Major issues:  None.

Minor issues:

Introduction:
   There is a great variaty of hash functions, but only MD5 and SHA-1
   are in the wide use, which is also the case for SEND
This sentence makes a statement about MD5 and SHA-1 being the only
widely
used hash functions, but I can't figure out what it is saying about
SEND.
Is it saying that SEND is widely used?  Or did you mean to say that SEND
implementations typically only implement MD5 and SHA-1?


The latter. I propose changing the text to

"There is a great variety of hash functions, but only MD5 and SHA-1
are widely used. SEND implementations also typically use these two hash algorithms." 




Section 3:
   Supposing that the hash function
   produces an n-bit long output, since each output is equally likely,
   an attack takes an order of 2^n operations to be successful.
SHOULD SAY: "on the order of". 

OK.


But this sentence is just plain
incorrect (see below).
  Due to
   the birthday attack, if the hash function is supplied with a random
   input, it returns one of the k equally-likely values, and the number
   of operations can be reduced to the number of 1.2*2^(n/2) operations.
There is no "birthday attack."  And I think you meant 2^n instead of k.
The result you give is due to an equation that is commonly illustrated
with
a problem known as the "birthday paradox."
Right. A birthday attack is an attack that exploits the mathematics behind the birthday paradox. It is a fairly commonly used term. Would you like me to change something? 



Nits/editorial comments:


Agree with you on all these comments. Will fix all these.

Thanks
Suresh


_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art

Reply via email to