Daniel Shiu <daniel.s...@arqit.uk> wrote:
> While working on cryptographic inventory tools, I noticed that the IKE
> authentication method AUTH_HMAC_SHA1_96 (SHA1-based HMAC truncated to
> 96-bits) is permitted in IKEv2 per RFC 8247 (status MUST- according t

Note, it's *HMAC* SHA1.

> Have I missed the deprecation elsewhere, or is further action merited?

HMAC consists of two passes of SHA1, and includes padding in such a way that means that pre-image attacks where the attack text is longer than the original do not work.

So, I am not falling over myself to deprecate HMAC-SHA1.
I'm happy to leave things as they are until a revision to 8247 is done.
Note that MUST- means that it is already on its "way down"

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
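
Added example, not part of the original message or of any IETF document: the two SHA-1 passes that the reply refers to, written out per RFC 2104, with the 96-bit truncation that AUTH_HMAC_SHA1_96 applies and a constant-time check of a received value. The function names are hypothetical, and the key and data are RFC 2202 test case 1.

```python
import hashlib
import hmac

BLOCK = 64    # SHA-1 input block size in bytes
ICV_LEN = 12  # 96 bits, the truncated length used by AUTH_HMAC_SHA1_96


def hmac_sha1_two_pass(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 built explicitly from its inner and outer SHA-1 passes."""
    if len(key) > BLOCK:                  # over-long keys are hashed first
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK, b"\x00")       # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + msg).digest()   # pass 1: keyed hash of message
    return hashlib.sha1(opad + inner).digest()  # pass 2: keyed hash of pass 1


def auth_hmac_sha1_96(key: bytes, msg: bytes) -> bytes:
    """Leftmost 96 bits of HMAC-SHA1 (hypothetical helper name)."""
    return hmac_sha1_two_pass(key, msg)[:ICV_LEN]


def verify_icv(key: bytes, msg: bytes, icv: bytes) -> bool:
    """Reject wrong-length values, then compare in constant time."""
    if len(icv) != ICV_LEN:
        return False
    return hmac.compare_digest(auth_hmac_sha1_96(key, msg), icv)


# RFC 2202 test case 1 for HMAC-SHA-1
RFC2202_KEY = b"\x0b" * 20
RFC2202_DATA = b"Hi There"

if __name__ == "__main__":
    icv = auth_hmac_sha1_96(RFC2202_KEY, RFC2202_DATA)
    print("ICV:", icv.hex())
    # Cross-check the hand-built construction against the standard library.
    ref = hmac.new(RFC2202_KEY, RFC2202_DATA, hashlib.sha1).digest()
    print("matches stdlib:", ref[:ICV_LEN] == icv)
    print("tampered data accepted:", verify_icv(RFC2202_KEY, b"Hi there", icv))
```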