Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Sep 16 21:20:45 EDT 2009
David Wagner <daw at cs.berkeley.edu> writes:
>(You could replace AES-CMAC with SHA1-HMAC, but why would you want to?)
The answer to that depends on whether you need to support an existing base of
crypto software and hardware. Even though (in this case) it's a new standard,
it still requires support from the underlying crypto libraries. If little or
none of those do AES-CMAC yet (I don't think Windows CryptoAPI does, only very
recent versions of OpenSSL do... it's not looking good) then you'd want to
stick with HMAC-SHA1.
(Forestalling the inevitable "but developers can implement AES-CMAC themselves
from raw AES" that I'm sure someone will follow up with, the target audience
for this is web application developers, not cryptographers, so you need to
give them something that works as required out of the box).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list