OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (MQTT-584) MQTT-SN integrity protection proposal

    [ https://issues.oasis-open.org/browse/MQTT-584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=82938#comment-82938 ] 

Stefan Hagen edited comment on MQTT-584 at 5/20/23 12:22 PM:
-------------------------------------------------------------

I see a need for discussion on the proposed use of partial hash sums in the packet level protection proposal.

In short I fear we rely too heavily on implementation quality and the avalanche effect when using only leading bits of algorithms instead of choosing algorithms that provide values of the length we can fully embed.

Or did I miss a security analysis proving that say providing the upper half of a SHA512 hash value is more secure than providing the full SHA256 value (as a hypothetical comparison)?


was (Author: sdrees):
I see a need for discussion on the use of hash sums in the packet level protection proposal.

In short I fear we rely too heavily on implementation quality and the avalanche effect when using only leading bits of algorithms instead of choosing algorithms that provide values of the length we can fully embed.

Or did I miss a security analysis proving that say providing the upper half of a SHA512 hash value is more secure than providing the full SHA256 value (as a hypothetical comparison)?

> MQTT-SN integrity protection proposal
> -------------------------------------
>
>                 Key: MQTT-584
>                 URL: https://issues.oasis-open.org/browse/MQTT-584
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: New Feature
>          Components: MQTT-SN
>            Reporter: Simon Johnson [X]
>            Assignee: Simon Johnson [X]
>            Priority: Major
>
> Various entities have expressed a desire to bake in some level of security to the MQTT-SN protocol. The desire is to protect from common exploits, whilst adhering to the principals of designing for low power, low bandwidth devices.



--
This message was sent by Atlassian Jira
(v8.3.3#803004)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]