[Ndn-interest] Describe the HMAC algorithm in SignatureHmacWithSha256?

Yingdi Yu yingdi at CS.UCLA.EDU
Tue Jun 9 11:16:24 PDT 2015


> On Jun 9, 2015, at 8:29 AM, Thompson, Jeff <jefft0 at remap.ucla.edu> wrote:
> 
> > I think the purpose is to allow both ends to uniquely identify the key. Is there any particular reason for using the first 4 bytes of the digest?
> 
> Using a short identifier (4 bytes) is to keep the packet short for low-power devices. Making a short identifier from the digest is an easy way to get a unique identifier instead of maintaining a separate list of sequential ID numbers. Does that answer your question?

I do not think the first 4 bytes can provide a “unique” identifier. If uniqueness is the major concern, we should use the digest, given that a collision in SHA-256 has not been found yet.

I did not quite understand what you mean by “a separate list of sequential ID numbers”. 

My concern is about using a digest or something related alone. Given HMAC is about authenticity, one might not be able to tell from a digest or even the first 4 bytes that the key can be trusted for a particular data packet. We have to maintain an additional mapping between the privilege of a key (which is usually the key name) and the key anyway. So using a digest does not save too much at the device side.

As for the length of the key locator, given the packet size is already 1500 bytes, I am not sure if it is a good tradeoff to sacrifice some good security property for just tens of bytes.

Yingdi
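
The two concerns in this message, as an added example that is not part of the original email or of any NDN library: a 4-byte digest prefix stops being unique after a modest number of keys, and a digest-based locator alone cannot tell the verifier which data a key is trusted to sign. It assumes the short ID is the first 4 bytes of SHA-256 over the key bytes; the keys, key names and namespaces are constructed for illustration.

```python
import hashlib
import hmac

def key_id(key: bytes) -> bytes:
    # Assumed construction: short locator = first 4 bytes of SHA-256(key).
    return hashlib.sha256(key).digest()[:4]

def tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()

def find_colliding_keys(limit: int = 1 << 22):
    # Constructed keys derived from a counter; stop when two share a 4-byte ID.
    seen = {}
    for i in range(limit):
        key = hashlib.sha256(b"constructed-key-%d" % i).digest()
        other = seen.setdefault(key_id(key), key)
        if other != key:
            return other, key, i + 1
    raise RuntimeError("no collision below limit")

def verify_by_id(keys_by_id, kid, payload, sig):
    # The 4-byte ID only selects a key; it carries no statement of privilege.
    key = keys_by_id.get(kid)
    return key is not None and hmac.compare_digest(tag(key, payload), sig)

def verify_by_name(keys_by_name, key_name, data_name, payload, sig):
    # Key name maps to (key, namespace the key is trusted for).
    entry = keys_by_name.get(key_name)
    if entry is None or not data_name.startswith(entry[1]):
        return False
    return hmac.compare_digest(tag(entry[0], payload), sig)

def demo():
    key_a, key_b, tried = find_colliding_keys()
    by_id = {key_id(key_a): key_a}
    by_id[key_id(key_b)] = key_b  # same 4-byte slot: key_a is silently replaced
    payload = b"constructed payload"
    a_verifies = verify_by_id(by_id, key_id(key_a), payload, tag(key_a, payload))
    by_name = {"/home/sensor1/KEY": (key_b, "/home/sensor1/")}  # hypothetical names
    sig = tag(key_b, payload)
    id_ok = verify_by_id(by_id, key_id(key_b), payload, sig)
    own = verify_by_name(by_name, "/home/sensor1/KEY", "/home/sensor1/temp", payload, sig)
    other = verify_by_name(by_name, "/home/sensor1/KEY", "/home/door/state", payload, sig)
    return tried, len(by_id), a_verifies, id_ok, own, other

if __name__ == "__main__":
    print(demo())
```

The ID-indexed store ends up with one entry for two distinct keys, and only the name-indexed verifier rejects a packet outside the key's namespace.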
