
Re: [Cfrg] Fwd: Can CMAC and/or GMAC be substituted in an HMAC-styled KDF?



This raises a minor, non-security issue: isn't a KDF a lower-level primitive than a MAC? E.g. the key in a MAC is one of the intended purposes of the output of a KDF, not the other way. If so, isn't it architecturally awkward to define a KDF that has a built-in component of a MAC? E.g. HKDF has HMAC built-in.

More philosophically, is building new primitives from old primitives, where the old have to do more than their original aim (e.g. HMAC as more than MAC, SHA1 as more than CRHF) the wisest approach?  Does it put too much reliance on these retrofitted primitives?
