'CVS: tmda CRYPTO,1.3,1.4 ChangeLog,1.30,1.31'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tmda-cvs
Subject:    CVS: tmda CRYPTO,1.3,1.4 ChangeLog,1.30,1.31
From:       "Jason R. Mastaler" <jasonrm () users ! sourceforge ! net>
Date:       2001-09-19 16:23:40
[Download RAW message or body]

Update of /cvsroot/tmda/tmda
In directory usw-pr-cvs1:/tmp/cvs-serv1511

Modified Files:
	CRYPTO ChangeLog 
Log Message:
Add support for variable length HMACs.  This was done for flexibility
in cases where the default HMAC size (24-bit) was not commensurate
with the requirements of the local security policy.


Index: CRYPTO
===================================================================
RCS file: /cvsroot/tmda/tmda/CRYPTO,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- CRYPTO	2001/07/18 16:20:32	1.3
+++ CRYPTO	2001/09/19 16:23:37	1.4
@@ -20,7 +20,7 @@
 
     DATE is seconds since the epoch in UTC, expressed as an integer.
   
-    DATEMAC is a 24-bit HMAC of DATE.
+    DATEMAC is an HMAC of DATE.
 
 Incoming 'dated' messages are accepted if:
 
@@ -42,7 +42,7 @@
 
     (For example, jason-sender-8c54ac@mastaler.com)
 
-    SENDERMAC is a 24-bit HMAC of the sender's e-mail address.
+    SENDERMAC is an HMAC of the sender's e-mail address.
 
 Incoming 'sender' messages are accepted if:
 
@@ -63,8 +63,8 @@
 
     PID is the process-id of the current Python process.
 
-    CONFIRMMAC is a 24-bit HMAC as a function of TIMESTAMP, PID, and
-    the string 'accept'.
+    CONFIRMMAC is an HMAC as a function of TIMESTAMP, PID, and the
+    string 'accept'.
 
 Confirmation request acknowledgments are accepted if:
 
@@ -84,8 +84,8 @@
   amkCrypto/OpenSSL compilation/installation difficulties proved to be
   the biggest stumbling block for new users of earlier TMDA releases.
 
-* The resultant "cookies" are shorter.  (6 hex characters as compared
-  to 16 for 'dated', and 6 hex characters as compared to 40 for 'sender')
+* The default "cookies" are shorter.  (6 hex characters as compared to
+  16 for 'dated', and 6 hex characters as compared to 40 for 'sender')
 
 * It is the right construction to be using from a cryptographic
   perspective.  (MACs were designed for exactly these type of
@@ -96,15 +96,29 @@
 --------------
 
 With HMACs, the length of the key determines how hard it is to "break"
-the system, that is, find the key and be able to forge arbitrary
+the system; that is, find the key and be able to forge arbitrary
 messages (create arbitrary email addresses, in this context).  With
 this in mind, TMDA uses long (160-bit) random private keys.
 
-The length of the HMAC determines the likelihood that a random message
-is a forgery.  If you use n bits in your HMAC, the chance of this is 1
-in 2**n. .  One way to try to sneak messages past TMDA would be to
-simply pick a random string as the HMAC and hope that it verified
-correctly.  TMDA uses 24-bit HMACs (3 bytes, 6 hex characters) which
-means the chance of a successful forgery is 1 in 16,777,216.  Very
-unlikely when you consider that to test a forged HMAC, the attacker
-must actually send you an e-mail message and wait for the result.
+One way to try to sneak messages past TMDA would be to simply pick a
+random string as the HMAC and hope that it verified correctly.  The
+length of the HMAC determines the likelihood that a random message is
+a forgery.  If you use n bits in your HMAC, the chance of this is 1 in
+2**n.  By default, TMDA uses 24-bit HMACs (3 bytes, 6 hex characters).
+Here are some statistics for HMACs of various sizes:
+
+HMAC_BYTES  CHARS  BITS  CHANCE OF FORGERY       EXAMPLE
+----------  -----  ----	 -----------------	 -------
+1	    2      8	 1 in 256		 e9
+2	    4      16    1 in 65,536		 f9c4
+3	    6      24    1 in 16,777,216	 3fd2f2
+4	    8      32    1 in 4,294,967,296	 596b0ba3
+5	    10     40    1 in 1,099,511,627,776	 490e78c8d9
+[...]
+
+You can alter the length of your HMACs (through HMAC_BYTES) if you are
+not comfortable with the default.  However, the default should provide
+sufficient protection when you consider that to test a forged HMAC,
+the attacker must actually send you an e-mail message and wait for the
+result.  Longer HMACs also mean longer e-mail addresses to work with.
+

Index: ChangeLog
===================================================================
RCS file: /cvsroot/tmda/tmda/ChangeLog,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- ChangeLog	2001/09/13 23:36:23	1.30
+++ ChangeLog	2001/09/19 16:23:37	1.31
@@ -1,3 +1,7 @@
+2001-09-19  Jason R. Mastaler  <jasonrm@nightshade.la.mastaler.com>
+
+	* CRYPTO: Added information on variable length HMACs.
+
 2001-09-13  Jason R. Mastaler  <jasonrm@nightshade.la.mastaler.com>
 
 	* README: TMDA 0.36 is released.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic