On 2011-10-04 at 14:22:49, Manger, James H wrote:
> > di:sha-128:B_K97zTtFuOhug27fke4_Q?enc=aes-cbc:Fw3x20nEKfq6FDGzq7ttIQ
>
> Instead of defining new names for truncated digests, why not simply
> include a truncated digest with the existing algorithm name? You can
> determine the truncation (in bytes) from the length of the base64url-
> encoding so there is no ambiguity.

You would have to specify that the truncation is by the byte, rather than by 6-bit slices. I see that you carefully used 'Bw' instead of 'B_' :) I'll note that base16 avoids that particular problem.

> The only downside I see is the risk of bad implementations accepting
> a digest truncated to, say, 1 byte (eg di:sha-256:Bw) instead of
> enforcing a minimum security level.

It might be enough to say that truncation is possible, though it increases the chances of collision.

...and that you should care about that.

--Martin
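
The two checks raised in this message (truncation by whole bytes rather than 6-bit slices, and a minimum digest length) can be sketched as follows. This is an added example, not part of the original thread or of any draft; the function names, the 16-byte floor, the sha-256-only table and the choice to truncate to the leading bytes are assumptions.

```python
import base64
import hashlib
import hmac

# Assumptions for this example (not from the thread): only sha-256 is known,
# truncation keeps the leading bytes, and the policy floor is 16 bytes.
FULL_LENGTH = {"sha-256": 32}
MIN_DIGEST_BYTES = 16


def parse_di(uri, min_bytes=MIN_DIGEST_BYTES):
    """Return (algorithm, digest_bytes) or raise ValueError."""
    scheme, _, rest = uri.partition(":")
    alg, _, value = rest.partition(":")
    value = value.split("?", 1)[0]  # drop parameters such as ?enc=...
    if scheme != "di" or alg not in FULL_LENGTH:
        raise ValueError("unsupported scheme or algorithm")
    if not value or len(value) % 4 == 1:
        raise ValueError("length cannot encode a whole number of bytes")
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    # Python's decoder silently drops stray trailing bits and unknown
    # characters, so re-encode and compare: 'B_' decodes like 'Bw' but is
    # a 12-bit (two 6-bit slices) value, not a 1-byte truncation.
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode() != value:
        raise ValueError("not a canonical byte-aligned base64url value")
    if len(raw) > FULL_LENGTH[alg]:
        raise ValueError("digest longer than the algorithm produces")
    if len(raw) < min_bytes:
        raise ValueError(f"digest is {len(raw)} bytes, minimum is {min_bytes}")
    return alg, raw


def matches(uri, content, min_bytes=MIN_DIGEST_BYTES):
    """True if content hashes to the (possibly truncated) digest in uri."""
    _alg, raw = parse_di(uri, min_bytes)
    full = hashlib.sha256(content).digest()  # only sha-256 is in FULL_LENGTH
    return hmac.compare_digest(full[: len(raw)], raw)


def make_di(content, nbytes):
    """Build a constructed sample URI truncated to nbytes."""
    digest = hashlib.sha256(content).digest()[:nbytes]
    return "di:sha-256:" + base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
```

With the floor lowered to 1 byte, `di:sha-256:Bw` parses as the single byte 0x07 while `di:sha-256:B_` is rejected; with the default floor both are rejected.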
