On 10/16/05, Damien Miller wrote:

> On Fri, 14 Oct 2005, Stephen J. Smoogen wrote:
>
> For the per-packet MAC, only HMAC-SHA1 and HMAC-MD5 are supported. In
> reality, even these are overkill (in terms of MAC length).
>
> Wang, Yin and Yu's results on SHA1 don't matter for its use in HMAC
> anyway.
>
> > 2) How long do you want your message to be secure? If you say
> > forever... then you are best off not saying anything. If you say 100
> > years.. it would probably be best not to say anything. If you are
> > looking for 10 years then does the search space time for 2^60 or more
> > fit into that time frame. (Searching 2^30 (approx 1 billion keys) a
> > second it would take 34 years to search for this. This doesn't take in
> > account parallelization or other items).
>
> Finding a hash collision doesn't render your encrypted messages
> vulnerable.
>
Thanks, Damien, for taking the time to clarify this for me. After Theo's
email, I read the HMAC RFC and then some crypto books to clarify what
my mistakes were. I realized I was wrong on several levels because of
mis-thinking that the SHA-1 problem was a way to bounce back an
unencrypted packet versus a collision. The assumptions I was making
were that the plain text was always a set size and no key was involved.
Both of these assumptions are invalid.

I should not have posted part 2 before doing that reading... I would
have realized the whole question was moot.

Again, thank you for taking the time to clarify. You guys are busy
enough and I should have kept my mouth shut.

--
Stephen J Smoogen.
CSIRT/Linux System Administrator
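An added example, not part of this thread or of OpenSSH's own code, illustrating the two points Damien makes above: the per-packet MAC is a keyed HMAC over the sequence number and the unencrypted packet (the construction RFC 4253 specifies), so knowing the plaintext, or even a plain SHA-1 collision, does not let anyone without the key produce a valid tag, and tampering or replay is detected; and the quoted brute-force arithmetic (2^60 keys at 2^30 keys per second) worked out as a function. The key and packet bytes are constructed for the example.

```python
import hmac
import hashlib
import struct

# Constructed 20-byte key for the example; not a real session key.
EXAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f10111213")

# Hash functions named on the page as supported per-packet MACs.
MAC_ALGS = {"hmac-sha1": hashlib.sha1, "hmac-md5": hashlib.md5}


def ssh_packet_mac(key: bytes, seqno: int, packet: bytes, alg: str = "hmac-sha1") -> bytes:
    """SSH-style per-packet MAC: HMAC(key, uint32 seqno || unencrypted packet).

    Binding the 32-bit sequence number into the MAC input means a packet whose
    bytes are unchanged still fails verification if it is replayed or reordered.
    """
    return hmac.new(key, struct.pack(">I", seqno) + packet, MAC_ALGS[alg]).digest()


def verify_packet(key: bytes, seqno: int, packet: bytes, tag: bytes, alg: str = "hmac-sha1") -> bool:
    """Receiver-side check; compare_digest avoids a timing side channel on the tag."""
    expected = ssh_packet_mac(key, seqno, packet, alg)
    return hmac.compare_digest(expected, tag)


def brute_force_years(keyspace_bits: int, rate_bits_per_second: int) -> float:
    """Years to exhaust a 2^keyspace_bits space at 2^rate_bits_per_second tries per second
    (serial search, no parallelization), the calculation quoted in the thread."""
    seconds = 2 ** (keyspace_bits - rate_bits_per_second)
    return seconds / (365.25 * 24 * 3600)


def demonstrate() -> dict:
    """Returns the outcome of each check so the behaviour can be asserted on."""
    seqno, packet = 7, b"constructed packet payload"
    tag = ssh_packet_mac(EXAMPLE_KEY, seqno, packet)
    return {
        # Honest receiver with the key accepts the packet.
        "genuine_accepted": verify_packet(EXAMPLE_KEY, seqno, packet, tag),
        # One flipped byte in the packet is rejected.
        "tamper_rejected": not verify_packet(EXAMPLE_KEY, seqno, packet[:-1] + b"?", tag),
        # Same bytes at a different sequence number (replay/reorder) is rejected.
        "replay_rejected": not verify_packet(EXAMPLE_KEY, seqno + 1, packet, tag),
        # Knowing the plaintext but not the key does not yield the tag:
        # the unkeyed SHA-1 of the same input is unrelated to the HMAC tag.
        "unkeyed_hash_differs": hashlib.sha1(struct.pack(">I", seqno) + packet).digest() != tag,
        # A guessed key gives a different tag.
        "wrong_key_rejected": not verify_packet(b"\x00" * 20, seqno, packet, tag),
        # 2^60 keys at 2^30 keys/s is 2^30 seconds, about 34 years.
        "years_for_2_60_at_2_30": round(brute_force_years(60, 30), 1),
    }


if __name__ == "__main__":
    for name, result in demonstrate().items():
        print(f"{name}: {result}")
```

The sequence number is the part people most often leave out when sketching a packet MAC; without it the tag only proves the bytes are authentic, not that they belong at this point in the stream.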

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev