[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] soliciting feedback on HKDF

To: "Blumenthal, Uri" <uri at ll.mit.edu>
Subject: Re: [Cfrg] soliciting feedback on HKDF
From: Basil Dolmatov <dol at cryptocom.ru>
Date: Tue, 20 Oct 2009 18:58:42 +0400
Cc: "'tim.polk at nist.gov'" <tim.polk at nist.gov>, "'cfrg at irtf.org'" <cfrg at irtf.org>, "'hugo at ee.technion.ac.il'" <hugo at ee.technion.ac.il>, "'mcgrew at cisco.com'" <mcgrew at cisco.com>
Delivered-to: cfrg at core3.amsl.com
In-reply-to: <90E934FC4BBC1946B3C27E673B4DB0E4A7E75F6BDF at LLE2K7-BE01.mitll.ad.local>
List-archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-help: <mailto:cfrg-request@irtf.org?subject=help>
List-id: Crypto Forum Research Group <cfrg.irtf.org>
List-post: <mailto:cfrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
References: <90E934FC4BBC1946B3C27E673B4DB0E4A7E75F6BDF at LLE2K7-BE01.mitll.ad.local>
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Blumenthal, Uri пишет:

I'd like to bring up my old question that hasn't been answered.

Design of hash functions had  producing unique digests (collision avoidance) as its primary goal. Any randomization properties - if they existed - were just a by-product.

Engineers noticed that hash output looked random to them, and started using hash functions as randomizers.

HMAC construct was designed to foil certain attacks against keyed hash functions. What are the reasons to believe that HMAC adds anything to the randomization property of the underlying hash functions?

(I'm not asking for a proof - just give me something that wouldn't be foolish to believe :-)

There cannot be a definite answer without a thorough mathematicalanalysis of HMAC transformation and its influence upon randomness of thesource.

Moreover, taking into account that hash output is not by definition thesource of uniformly distributed randomness, the question whichproperties will be held by the result of consecutive computation of hashand HMAC will definitely depend upon the hash function used and HMACtransformation used.


dol@

References:
- Re: [Cfrg] soliciting feedback on HKDF
  - From: Blumenthal, Uri

Prev by Date: Re: [Cfrg] soliciting feedback on HKDF
Next by Date: Re: [Cfrg] soliciting feedback on HKDF
Previous by thread: Re: [Cfrg] soliciting feedback on HKDF
Next by thread: Re: [Cfrg] soliciting feedback on HKDF
Index(es):
- Date
- Thread