40 likes | 173 Views
Proposed PRF Text Changes. Jesse Walker Intel Corporation. Proposed PRF. PRF-AES( Key , AuthenticatorMAC , SupplicantMAC , Label , Nonce , Length ) R “” iterations ( Length +15)/16 for i 1 to iterations do R R | AES-CBC-MAC( Key ,
E N D
Proposed PRF Text Changes Jesse Walker Intel Corporation Jesse Walker, Intel Corporation
Proposed PRF PRF-AES(Key, AuthenticatorMAC, SupplicantMAC, Label, Nonce, Length) R “” iterations (Length+15)/16 fori 1 toiterationsdo RR | AES-CBC-MAC(Key, AuthenticatorMAC | SupplicantMAC | i | Label | Nonce | Length) returnSubstring(R, 0, Length) Jesse Walker, Intel Corporation
Discussion • Neither current PRF nor proposed PRF conforms to draft NIST SP 800-56 • Current PRF does not exploit full entropy of PMK, but proposed PRF does • Current PRF subject to prefix attacks, but proposed PRF does Jesse Walker, Intel Corporation
Motions • Instruct the editor to replace the text of Clause 8.5.1.1 with text from doc 02-795r2 • Instruct the 802.11 Chair to submit the following comment to NIST comments list kmscomments@nist.gov by April 3: “IEEE 802.11 would like NIST to allow AES-CBC-MAC to be used in approved KDF functions as an alternative to a one-way hash function in Clause 5.3 of draft SP 800-56.” Jesse Walker, Intel Corporation