Closed Bug 609079 Opened 15 years ago Closed 14 years ago

Investigate suitability of SHA-256 as the extractor for J-PAKE

Categories

(Firefox :: Sync, defect)

Not set
blocker

Tracking

RESOLVED FIXED
Tracking Status
blocking2.0 --- -
fennec - ---

People

(Reporter: briansmith, Assigned: briansmith)

Details

(Whiteboard: [qa-])

The result of Diffie-Hellman key agreement is some key material with entropy that isn't uniformly distributed. Thus, a function (the "extractor") must be applied to the raw key material before it can be used as actual key material. Currently, we use SHA-256 as the extractor. Some papers have suggested that currently known hash functions may not be appropriate extractors, and this might be especially true given recent discoveries about SHA-2. On the other hand, there are others arguing that the hashes in the SHA-2 family are more than good enough for this particular usage and using a keyed/seeded extractor like HMAC would add complication. I will try to find a reference that clearly shows that SHA-256 is an acceptable extractor.
Assignee: nobody → bsmith
blocking2.0: --- → ?
tracking-fennec: --- → ?
Research indicates it is better to use a hash keyed by an authenticated nonce but we don't have a way of authenticating a nonce. See http://www.ietf.org/mail-archive/web/cfrg/current/msg02913.html and the eventual responses.
tracking-fennec: ? → 2.0-
Is there anything left to do here?
blocking2.0: ? → -
Nope. We already decided to use HKDF.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Component: Firefox Sync: Crypto → Sync
Product: Cloud Services → Firefox
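Added example, not part of the bug thread and not Mozilla's code: HKDF-SHA-256 as specified in RFC 5869, the construction the final comment names, shown beside the bare SHA-256 extractor the report describes. The unsalted call reflects the case discussed above where no authenticated nonce is available (RFC 5869 then uses a salt of HashLen zero bytes); the `info` labels, the function `derive_session_keys` and the sample secret are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def bare_sha256_extractor(shared_secret: bytes) -> bytes:
    """The extractor the report starts from: an unkeyed hash of the raw secret."""
    return hashlib.sha256(shared_secret).digest()


def hkdf_extract(ikm: bytes, salt: bytes = b"") -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM).

    With no salt available, RFC 5869 uses HashLen zero bytes as the HMAC key.
    """
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output is longer than HKDF allows")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(shared_secret: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from one agreed secret.

    The info labels are hypothetical; any fixed, distinct labels work.
    """
    prk = hkdf_extract(shared_secret)  # unsalted: no authenticated nonce
    enc_key = hkdf_expand(prk, b"example/encrypt", 32)
    mac_key = hkdf_expand(prk, b"example/hmac", 32)
    return enc_key, mac_key


if __name__ == "__main__":
    secret = bytes.fromhex("00" * 4 + "a5" * 28)  # constructed, biased sample
    enc, mac = derive_session_keys(secret)
    print("sha256 :", bare_sha256_extractor(secret).hex())
    print("enc key:", enc.hex())
    print("mac key:", mac.hex())
```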