Daniel Shiu <[email protected]> wrote: > While working on cryptographic inventory tools, I noticed that the IKE > authentication methos AUTH_HMAC_SHA1_96 (SHA1-based HMAC truncated to > 96-bits) is permitted in IKEv2 per RFC 8247 (status MUST- according t
Note, it's *HMAC* SHA1.
> Have I missed the deprecation elsewhere, or is further action merited.
HMAC consists of two passes of SHA1, and includes padding in such a way that
means that pre-image attacks where the attack text is longer than the
original does not work.
So, I am not falling overmyself to deprecate HMAC-SHA1.
I'm happy to leave things as they are until a revision to 8247 is done.
Note that MUST- means that it is already on it's "way down"
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
