Jonas Schnelli [ARCHIVE] on Nostr: 📅 Original date posted:2016-06-28 📝 Original message:> To quote: > >> ...
📅 Original date posted:2016-06-28
📝 Original message:> To quote:
>
>> HMAC_SHA512(key=ecdh_secret|cipher-type,msg="encryption key").
>>
>> K_1 must be the left 32bytes of the HMAC_SHA512 hash.
>> K_2 must be the right 32bytes of the HMAC_SHA512 hash.
>
> This seems a weak reason to introduce SHA512 to the mix. Can we just
> make:
>
> K_1 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="header encryption key")
> K_2 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="body encryption key")
SHA512_HMAC is used by BIP32 [1] and I guess most clients will somehow
make use of bip32 features. I though a single SHA512_HMAC operation is
cheaper and simpler then two SHA256_HMAC.
AFAIK, sha256_hmac is also not used by the current p2p & consensus layer.
Bitcoin-Core uses it for HTTP RPC auth and Tor control.
I don't see big pros/cons for SHA512_HMAC over SHA256_HMAC.
</jonas>
[1]
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160628/bbe12795/attachment.sig>
📝 Original message:> To quote:
>
>> HMAC_SHA512(key=ecdh_secret|cipher-type,msg="encryption key").
>>
>> K_1 must be the left 32bytes of the HMAC_SHA512 hash.
>> K_2 must be the right 32bytes of the HMAC_SHA512 hash.
>
> This seems a weak reason to introduce SHA512 to the mix. Can we just
> make:
>
> K_1 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="header encryption key")
> K_2 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="body encryption key")
SHA512_HMAC is used by BIP32 [1] and I guess most clients will somehow
make use of bip32 features. I though a single SHA512_HMAC operation is
cheaper and simpler then two SHA256_HMAC.
AFAIK, sha256_hmac is also not used by the current p2p & consensus layer.
Bitcoin-Core uses it for HTTP RPC auth and Tor control.
I don't see big pros/cons for SHA512_HMAC over SHA256_HMAC.
</jonas>
[1]
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160628/bbe12795/attachment.sig>