RFC relevance of security

As per Relevance of the word security, we have this rfc below:

Network Working Group C.
Request for Comments: 2403 Cisco Systems Inc
Category: Standards Track R.

November 1998

The Use of HMAC-MD5-96 within ESP and

Status of this

This document specifies an Internet standards track protocol for
Internet community, and requests discussion and suggestions
improvements. Please refer to the current edition of the "
Official Protocol Standards" (STD 1) for the standardization
and status of this protocol. Distribution of this memo is unlimited

Copyright

Copyright (C) The Internet Society (1998). All Rights Reserved

This memo describes the use of the HMAC algorithm [RFC-2104]
conjunction with the MD5 algorithm [RFC-1321] as an
mechanism within the revised IPSEC Encapsulating Security
[ESP] and the revised IPSEC Authentication Header [AH]. HMAC with MD
provides data origin authentication and integrity protection

Further information on the other components necessary for ESP and
implementations is provided by [Thayer97a].

1.

This memo specifies the use of MD5 [RFC-1321] combined with
[RFC-2104] as a keyed authentication mechanism within the context
the Encapsulating Security Payload and the Authentication Header
The goal of HMAC-MD5-96 is to ensure that the packet is authentic
cannot be modified in transit

HMAC is a secret key authentication algorithm. Data integrity
data origin authentication as provided by HMAC are dependent upon
scope of the distribution of the secret key. If only the source
destination know the HMAC key, this provides both data
authentication and data integrity for packets sent between the
parties; if the HMAC is correct, this proves that it must have
added by the source

Madson & Glenn Standards Track [Page 1]

RFC 2403 The Use of HMAC-MD5-96 within ESP and AH November 1998

In this memo, HMAC-MD5-96 is used within the context of ESP and AH
For further information on how the various pieces of ESP -
the confidentiality mechanism -- fit together to provide
services, refer to [ESP] and [Thayer97a]. For further information
AH, refer to [AH] and [Thayer97a].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
document are to be interpreted as described in [RFC-2119].

2. Algorithm and

[RFC-1321] describes the underlying MD5 algorithm, while [RFC-2104]
describes the HMAC algorithm. The HMAC algorithm provides a
for inserting various hashing algorithms such as MD5.

HMAC-MD5-96 operates on 64-byte blocks of data. Padding
are specified in [RFC-1321] and are part of the MD5 algorithm.
MD5 is built according to [RFC-1321], there is no need to add
additional padding as far as HMAC-MD5-96 is concerned. With
to "implicit packet padding" as defined in [AH], no implicit
padding is required

HMAC-MD5-96 produces a 128-bit authenticator value. This 128-
value can be truncated as described in RFC 2104. For use with
ESP or AH, a truncated value using the first 96 bits MUST
supported. Upon sending, the truncated value is stored within
authenticator field. Upon receipt, the entire 128-bit value
computed and the first 96 bits are compared to the value stored
the authenticator field. No other authenticator value lengths
supported by HMAC-MD5-96.

The length of 96 bits was selected because it is the
authenticator length as specified in [AH] and meets the
requirements described in [RFC-2104].

2.1

[Bellare96a] states that "(HMAC) performance is essentially that
the underlying hash function". [RFC-1810] provides some
analysis and recommendations of the use of MD5 with
protocols. As of this writing no performance analysis has been
of HMAC or HMAC combined with MD5.

[RFC-2104] outlines an implementation modification which can
per-packet performance without affecting interoperability

Madson & Glenn Standards Track [Page 2]

RFC 2403 The Use of HMAC-MD5-96 within ESP and AH November 1998

3. Keying

HMAC-MD5-96 is a secret key algorithm. While no fixed key length
specified in [RFC-2104], for use with either ESP or AH a fixed
length of 128-bits MUST be supported. Key lengths other than 128-
bits MUST NOT be supported (i.e. only 128-bit keys are to be used
HMAC-MD5-96). A key length of 128-bits was chosen based on
recommendations in [RFC-2104] (i.e. key lengths less than
authenticator length decrease security strength and keys longer
the authenticator length do not significantly increase
strength).

[RFC-2104] discusses requirements for key material, which includes
discussion on requirements for strong randomness. A strong pseudo
random function MUST be used to generate the required 128-bit key

At the time of this writing there are no specified weak keys for
with HMAC. This does not mean to imply that weak keys do not exist
If, at some point, a set of weak keys for HMAC are identified,
use of these weak keys must be rejected followed by a request
replacement keys or a newly negotiated Security Association

[ARCH] describes the general mechanism for obtaining keying
when multiple keys are required for a single SA (e.g. when an ESP
requires a key for confidentiality and a key for authentication).

In order to provide data origin authentication, the key
mechanism must ensure that unique keys are allocated and that
are distributed only to the parties participating in
communication

[RFC-2104] makes the following recommendation with regard
rekeying. Current attacks do not indicate a specific
frequency for key changes as these attacks are
infeasible. However, periodic key refreshment is a
security practice that helps against potential weaknesses of
function and keys, reduces the information avaliable to
cryptanalyst, and limits the damage of an exposed key

4. Interaction with the ESP Cipher

As of this writing, there are no known issues which preclude the
of the HMAC-MD5-96 algorithm with any specific cipher algorithm

Madson & Glenn Standards Track [Page 3]

RFC 2403 The Use of HMAC-MD5-96 within ESP and AH November 1998

5. Security

The security provided by HMAC-MD5-96 is based upon the strength
HMAC, and to a lesser degree, the strength of MD5. [RFC-2104]
that HMAC does not depend upon the property of strong
resistance, which is important to consider when evaluating the use
MD5, an algorithm which has, under recent scrutiny, been shown to
much less collision-resistant than was first thought. At the time
this writing there are no practical cryptographic attacks
HMAC-MD5-96.

[RFC-2104] states that for "minimally reasonable hash functions"
"birthday attack", the strongest attack know against HMAC,
impractical. For a 64-byte block hash such as HMAC-MD5-96, an
involving the successful processing of 2**64 blocks would
infeasible unless it were discovered that the underlying hash
collisions after processing 2**30 blocks. A hash with such
collision-resistance characteristics would generally be considered
be unusable

It is also important to consider that while MD5 was never
to be used as a keyed hash algorithm, HMAC had that criteria from
onset. While the use of MD5 in the context of data security
undergoing reevaluation, the combined HMAC with MD5 algorithm
held up to cryptographic scrutiny

[RFC-2104] also discusses the potential additional security which
provided by the truncation of the resulting hash.
which include HMAC are strongly encouraged to perform this
truncation

As [RFC-2104] provides a framework for incorporating various
algorithms with HMAC, it is possible to replace MD5 with
algorithms such as SHA-1. [RFC-2104] contains a detailed
on the strengths and weaknesses of HMAC algorithms

As is true with any cryptographic algorithm, part of its
lies in the correctness of the algorithm implementation, the
of the key management mechanism and its implementation, the
of the associated secret key, and upon the correctness of
implementation in all of the participating systems. [RFC-2202]
contains test vectors and example code to assist in verifying
correctness of HMAC-MD5-96 code

Madson & Glenn Standards Track [Page 4]

RFC 2403 The Use of HMAC-MD5-96 within ESP and AH November 1998

6.

This document is derived in part from previous works by Jim Hughes
those people that worked with Jim on the combined DES/CBC+HMAC-MD
ESP transforms, the ANX bakeoff participants, and the members of
IPsec working group

We would also like to thank Hugo Krawczyk for his comments
recommendations regarding some of the cryptographic specific text
this document

7.

[RFC-1321] Rivest, R., "MD5 Digest Algorithm", RFC 1321,
1992.

[RFC-2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC
Keyed-Hashing for Message Authentication", RFC 2104,
February 1997.

[RFC-1810] Touch, J., "Report on MD5 Performance", RFC 1810,
1995.

[Bellare96a] Bellare, M., Canetti, R., and H. Krawczyk, "Keying
Functions for Message Authentication", Advances
Cryptography, Crypto96 Proceeding, June 1996.

[ARCH] Kent, S., and R. Atkinson, "Security Architecture
the Internet Protocol", RFC 2401, November 1998.

[ESP] Kent, S., and R. Atkinson, "IP Encapsulating
Payload", RFC 2406, November 1998.

[AH] Kent, S., and R. Atkinson, "IP Authentication Header",
RFC 2402, November 1998.

[Thayer97a] Thayer, R., Doraswamy, N., and R. Glenn, "IP
Document Roadmap", RFC 2411, November 1998.

[RFC-2202] Cheng, P., and R. Glenn, "Test Cases for HMAC-MD5
HMAC-SHA-1", RFC 2202, March 1997.

[RFC-2119] Bradner, S., "Key words for use in RFCs to
Requirement Levels", BCP 14, RFC 2119, March 1997.

Madson & Glenn Standards Track [Page 5]

RFC 2403 The Use of HMAC-MD5-96 within ESP and AH November 1998

8. Editors'

Cheryl
Cisco Systems, Inc

EMail: cmadson@cisco.

Rob

EMail:
The IPsec working group can be contacted through the chairs

Robert

EMail: rgm@icsa.

Ted T'
Massachusetts Institute of

EMail: tytso@mit.

Madson & Glenn Standards Track [Page 6]

RFC 2403 The Use of HMAC-MD5-96 within ESP and AH November 1998

9. Full Copyright

Copyright (C) The Internet Society (1998). All Rights Reserved

This document and translations of it may be copied and furnished
others, and derivative works that comment on or otherwise explain
or assist in its implementation may be prepared, copied,
and distributed, in whole or in part, without restriction of
kind, provided that the above copyright notice and this paragraph
included on all such copies and derivative works. However,
document itself may not be modified in any way, such as by
the copyright notice or references to the Internet Society or
Internet organizations, except as needed for the purpose
developing Internet standards in which case the procedures
copyrights defined in the Internet Standards process must
followed, or as required to translate it into languages other
English

The limited permissions granted above are perpetual and will not
revoked by the Internet Society or its successors or assigns

This document and the information contained herein is provided on
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE

Madson & Glenn Standards Track [Page 7]

if you see any problems within the linking, don't worry be happy,
this is version 0.1 of the Relevance System and you gotta expect some crappy subroutines sometimes,
just be content we did not write this in Java, which would have made this "bigger and better" HAHAHHA.

RFC documents can be found at I.E.T.F.

Relevance System Copyright © 2002 Spectrum WorldResearch
other technical nosh by ServerMasters Corporation
collaboration of BobX