Newsgroups: php.internals
Date: Mon, 2 Feb 2015 12:03:47 +0000
Subject: Re: [PHP-DEV] OpenSSL ext. improvements for authenticated cipher modes.
From: leight@gmail.com (Leigh)
To: Jason Gerfen
Cc: Jakub Zelenka, PHP internals

On 2 February 2015 at 11:46, Jason Gerfen wrote:
> According to documentation provided about the OCB mode of AES it says the
> following:
>
> Section 3: The scheme
>>
>> The tag length is an integer τ ∈ [0 .. n]. ... As for the tag length, a
>> suggested default of τ = 64 is reasonable. Tags of 32 bits are standard in
>> retail banking. Tags of 96 bits are used in IPSec. Using a tag of more than
>> 80 bits adds questionable security benefit, though it does lengthen each
>> cipher text.

In Rogaway's own OCB FAQ it states:

The number τ, the tag length of the scheme, is, like the blockcipher E, a
parameter of the mode. It’s a number 0 ≤ τ ≤ 128.

http://web.cs.ucdavis.edu/~rogaway/ocb/ocb-faq.htm

> The GCM mode is somewhat different regarding the allowed tag length(s).
>
> Section 5.2.1.2 Output Data
>>
>> The bit length of the tag, denoted t, is a security parameter, as
>> discussed in Appendix B. In general, t may be any one of the following five
>> values: 128, 120, 112, 104, or 96. For certain applications, t may be 64 or
>> 32; guidance for the use of these two tag lengths, including requirements on
>> the length of the input data and the lifetime of the key in these cases, is
>> given in Appendix C.

So in both of these cases the largest tag size is 128 bits (corresponds
to the length of 16 that I mentioned - bits -> bytes).

A tag length of 16 is a safe assumption if we don't want to allow the
user to specify, however it could prevent interop with other
applications, if they require a tag of a different length.
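
The tag-length interop point that closes the message, as an added example that is not part of the original post or of the PHP source. It uses the `$tag` and `$tag_length` parameters of `openssl_encrypt()` / `openssl_decrypt()` as they later shipped in PHP 7.1; the helper names `gcm_seal` and `gcm_open`, the key and the messages are constructed for illustration.

```php
<?php
// Added example, assumes PHP >= 7.1 with ext/openssl.
// GCM tag lengths in bytes, from the passage quoted in the message:
// 128, 120, 112, 104, 96 bits, plus 64 and 32 for certain applications.
const GCM_TAG_BYTES = [16, 15, 14, 13, 12, 8, 4];

// Hypothetical helper: encrypt with an explicit, validated tag length.
function gcm_seal(string $key, string $plain, string $aad, int $tagLen = 16): array
{
    if (!in_array($tagLen, GCM_TAG_BYTES, true)) {
        throw new InvalidArgumentException("GCM tag length $tagLen not permitted");
    }
    $iv = random_bytes(12); // 96-bit nonce, must be unique per key
    $ct = openssl_encrypt($plain, 'aes-128-gcm', $key, OPENSSL_RAW_DATA,
                          $iv, $tag, $aad, $tagLen);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return [$iv, $ct, $tag];
}

// Hypothetical helper: decrypt only when the tag has the agreed length.
// openssl_decrypt() does not check the tag length itself (a caveat in its
// documentation), so the caller has to enforce it before decrypting.
function gcm_open(string $key, string $iv, string $ct, string $tag,
                  string $aad, int $tagLen = 16): string
{
    if (strlen($tag) !== $tagLen) {
        throw new InvalidArgumentException('unexpected tag length');
    }
    $plain = openssl_decrypt($ct, 'aes-128-gcm', $key, OPENSSL_RAW_DATA,
                             $iv, $tag, $aad);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

$key = random_bytes(16); // constructed sample key
// A peer that requires 96-bit tags gets 12 bytes instead of the default 16.
[$iv, $ct, $tag] = gcm_seal($key, 'sample message', 'header', 12);
var_dump(strlen($tag), gcm_open($key, $iv, $ct, $tag, 'header', 12));
try {
    gcm_open($key, $iv, $ct, substr($tag, 0, 4), 'header', 12); // shortened tag
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```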