Newsgroups: php.internals
Date: Mon, 2 Feb 2015 04:46:38 -0700
Subject: Re: [PHP-DEV] OpenSSL ext. improvements for authenticated cipher modes.
From: jason.gerfen@gmail.com (Jason Gerfen)
To: Leigh
Cc: Jakub Zelenka, PHP internals

On Mon, Feb 2, 2015 at 3:58 AM, Leigh wrote:

> On 2 February 2015 at 10:57, Leigh wrote:
> > length (not sure how of
>
> Not sure how often tag lengths aside from 16 are used.

According to documentation provided about the OCB mode of AES it says the following:

Section 3: The scheme

> The tag length is an integer τ ∈ [0 .. n]. ... As for the tag length, a
> suggested default of τ = 64 is reasonable. Tags of 32 bits are standard in
> retail banking. Tags of 96 bits are used in IPSec. Using a tag of more than
> 80 bits adds questionable security benefit, though it does lengthen each
> cipher text.

http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ocb/ocb-spec.pdf

Maybe E_WARNING on any tag length less than 64 would also be useful in OCB mode(s).

The GCM mode is somewhat different regarding the allowed tag length(s).

Section 5.2.1.2 Output Data

> The bit length of the tag, denoted t, is a security parameter, as
> discussed in Appendix B. In general, t may be any one of the following five
> values: 128, 120, 112, 104, or 96. For certain applications, t may be 64
> or 32; guidance for the use of these two tag lengths, including
> requirements on the length of the input data and the lifetime of the key in
> these cases, is given in Appendix C.

http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

Tag lengths of 32 & 96 are common in lower level desktop based applications as noted for IPSec & retail banking applications.
I am not sure how commonly these smaller tag lengths would apply to PHP; however, given the age of the bug report compared to the age of the mode(s), requesting use of these mode(s) doesn't seem to be common.
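
Added example (not part of the original message and not code from the PHP project): a userland wrapper that applies the GCM tag lengths from the SP 800-38D passage quoted above, warning on 64 and 32 bits in the spirit of the E_WARNING suggestion, and that pins the tag length again before decryption. It assumes PHP 7.1 or later, where openssl_encrypt() and openssl_decrypt() accept $tag, $aad and $tag_length; the helper names check_gcm_tag_bits, gcm_seal and gcm_open are hypothetical.

```php
<?php
// Added example: tag-length policy taken from the SP 800-38D text quoted above.
// Assumes PHP >= 7.1; all function names here are hypothetical helpers.

const GCM_GENERAL_TAG_BITS = [128, 120, 112, 104, 96]; // section 5.2.1.2
const GCM_SPECIAL_TAG_BITS = [64, 32];                 // only under Appendix C limits

// Accept the general values, warn on the special-case ones, reject the rest.
function check_gcm_tag_bits(int $bits): void
{
    if (in_array($bits, GCM_GENERAL_TAG_BITS, true)) {
        return;
    }
    if (in_array($bits, GCM_SPECIAL_TAG_BITS, true)) {
        trigger_error("GCM tag of $bits bits: see SP 800-38D Appendix C", E_USER_WARNING);
        return;
    }
    throw new InvalidArgumentException("GCM tag length of $bits bits is not allowed");
}

function gcm_seal(string $plain, string $key, string $aad, int $tagBits = 128): array
{
    check_gcm_tag_bits($tagBits);
    $iv = random_bytes(12); // 96-bit IV, fresh for every message
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          $iv, $tag, $aad, intdiv($tagBits, 8));
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return [$iv, $ct, $tag];
}

function gcm_open(array $msg, string $key, string $aad, int $tagBits = 128): string
{
    [$iv, $ct, $tag] = $msg;
    // openssl_decrypt() does not check the tag length itself, so a tag shorter
    // than the length agreed for this key has to be rejected by the caller.
    if (strlen($tag) * 8 !== $tagBits) {
        throw new RuntimeException('unexpected tag length');
    }
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Constructed sample input: round trip with the default 128-bit tag.
$key = random_bytes(32);
$msg = gcm_seal('constructed sample message', $key, 'header-v1');
var_dump(gcm_open($msg, $key, 'header-v1') === 'constructed sample message');
```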