[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TLS HMAC key bit-length

To: or-talk@xxxxxxxxxxxxx
Subject: Re: TLS HMAC key bit-length
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Sat, 3 Mar 2007 17:11:56 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sat, 03 Mar 2007 17:12:10 -0500
In-reply-to: <45E9AF2C.9000205@scs.carleton.ca>
Mail-followup-to: Nick Mathewson <nickm@xxxxxxxxxxxxx>, or-talk@xxxxxxxxxxxxx
References: <45E9AF2C.9000205@scs.carleton.ca>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i

On Sat, Mar 03, 2007 at 12:23:56PM -0500, James Muir wrote:
> Does anyone know the bit-length of the symmetric keys used in HMAC after 
> two nodes establish a TLS session?  I've tried to discover this from the 
> specs, source code and using various "openssl s_client" commands, but no 
> luck.

Check out section 6.3 of RFC2246: the MAC secrets are derived from the
first 2*SecurityParmeters.hash_size bytes of the generated key block.
So this will be 20 bytes if the hash is SHA-1, etc.

hth,
-- 
Nick Mathewson

Attachment: pgpoPMV2X0NTe.pgp
Description: PGP signature

References:
- TLS HMAC key bit-length
  - From: James Muir

Prev by Author: Re: network connection
Next by Author: Re: "router get by nickname" on request to dir server appears to be failing
Previous by thread: TLS HMAC key bit-length
Next by thread: exit node back to user
Index(es):
- Author
- Thread