Currently JWA defines two password-based key encryption algorithms:
  PBES2-HS256+A128KW
  PBES2-HS256+A256KW
I was surprised that when the AES key size was increased from 128 to 256, the
HMAC key size was not also increased from 256 to 512. Sean, Matt had told me
that this used to be the case in his individual draft, but that you had
requested that HMAC SHA-256 be used for both algorithms.
If for no other reason than symmetry, I'm curious why. For instance, in
McGrew's AES-CBC-HMAC-SHA2 draft, these pairings are made:
  128-bit AES with 256-bit HMAC
  192-bit AES with 384-bit HMAC
  256-bit AES with 512-bit HMAC
Sean, why aren't we doing the same for password-based encryption?
Thanks,
-- Mike