[Remops] mixmaster's 1024-bit RSA is getting old
lists at notatla.org.uk
lists at notatla.org.uk
Thu Oct 31 15:25:14 GMT 2013
Tom Ritter <tom ritter.vg> writes:
> It's not clear to me where the HMAC key for a header comes from; it
> must be shared between the client and the node whose header that it
> is. I assumed it's derived from the symmetric key that the client
> RSA-encrypts to the node?
The HMAC key is also in the RSA encrypted data along with the 3DES
and a value called aes_pre_key. The new AES keys (3 of them) are
derived from that and the HMAC key.
http://www.zen19351.zen.co.uk/mixmaster302/packet_layout.txt
The RSA encryption occupies space equal to the modulus which is
from 128 bytes for 1024-bit to 512 bytes for 4096-bit.
Data encrypted under RSA with the larger keys is (with sizes in bytes):
24 3deskey (unchanged from older software)
64 hmac_key for HMAC-SHA256
32 hmac(2*512 of later header data) to prevent tagging
32 hmac(body)
32 hmac(328block) current header data a.k.a TTE standing for three,two,eight
32 aes_pre_key
The aes_pre_key is used together with HMAC-SHA256 to generate the 3
AES keys for the body, future headers and the current header data of
size 328.
More information about the Remops
mailing list