Re: Comments on SP800-108

2008-05-06 Thread Peter Gutmann
Jack Lloyd [EMAIL PROTECTED] writes: As a standard, this is specification is a disaster. Somewhat more strongly worded than my comments :-), but I had the same feeling: Why yet another bunch of arbitrary PRF/KDFs to implement? We now have ones for SSL, for TLS, for SSH, for IKE, for PGP, for

Comments on SP800-108

2008-05-05 Thread Jack Lloyd
Hi, As a standard, this is specification is a disaster. Just from a quick read, I see the following: However, alternative orders for the input data fields may be used for a KDF. with a length specified by the function, an algorithm, or a protocol which uses T as an input. In feedback mode, the