let stateless-nonce use SHA-2 #17
Conversation
Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>
thomas-fossati
requested review from
henkbirkholz,
William-PanWei and
cabo
as code owners
draft-birkholz-rats-epoch-markers.md
Outdated
| : HMAC w/ SHA-1 computed over the CBOR serialisation of TimeToken encoded as a | ||
| 20-bytes string. | ||
| : HMAC w/ SHA-224 computed over the CBOR serialisation of TimeToken encoded as | ||
| a 28-bytes string. |
There was a problem hiding this comment.
Now if we could spend four more bytes to get a hash that is actually widely supported in hardware and software (SHA-256)?
There was a problem hiding this comment.
I guess we could. The whole idea behind SHA-1 was being able to do everything in 32 bytes, which fits well in "a certain RoT"'s API.
draft-birkholz-rats-epoch-markers.md
Outdated
|
|
||
| A stateless-nonce supports the above use case by encoding a Posix time (i.e., | ||
| the epoch identifier), alongside a minimal set of metadata, authenticated with | ||
| a symmetric key in a self-contained and compact (starting at 40 bytes) token. |
There was a problem hiding this comment.
The "starting at" is not Bourne out by the CDDL.
There was a problem hiding this comment.
Not sure I get your point: with a 0-length Pad (the inf), it serialises to 40 bytes. That's what I wanted to say here.
There was a problem hiding this comment.
I didn't see how to go beyond the 40-byte token, but I probably focused on the non-agile hash too much.
There was a problem hiding this comment.
ok, got it, sorry, not enough coffee :-)
* use SHA-256 * remove wrong size lower bound Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>
No description provided.