HMAC and RIJNDAEL192, was: bugs in bit manipulation routines
Werner Koch
wk at gnupg.org
Mon Aug 7 10:15:05 CEST 2006
On Sun, 6 Aug 2006 23:38, bpgcrypt at itaparica.org said:
> No doubt: securing the HMAC key is a wise idea. But I think it should be
> unnecessary to call gcry_control() if one is going to omit the
> GCRY_MD_FLAG_SECURE flag anyway when initializing the hash function.
The md_flag_secure puts all internal buffers into secure memory. This
is for example required if you are going to hmac private key material.
Storing the hmac key into secure memory is a design issue with no way
to change it except for dropping all secure memory.
> AES is a block cipher with fixed 128 bit block length and non-fixed
> key length. RIJNDAEL on the other hand is a block cipher with "any"
> block length from 128 to 256. In the literature the identifier
I recall from the second AES conference that it was presented in the
way it is used in libgcrypt. Can't find the proceedings right
now. Anyway ...
> length and 192 bit key. This is confusing and possibly hazardous. I
> suggest to drop all of the macros except the third one.
... this would be an API change and thus we can't do it.
Shalom-Salam,
Werner