[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Possible 1.1 (and 1.0) errata
Scott - This is the text in 1.1 core that references uniqueness (I am using draft 10, lines 360-362): The mechanism by which a SAML system entity ensures that the identifier is unique is left to the implementation. In the case that a pseudorandom technique is employed, the probability of two randomly chosen identifiers being identical MUST be less than 2^-128 and SHOULD be less than 2^-160. This requirement MAY be met by encoding a randomly chosen value between 128 and 160 bits in length. I actually think this text is correct! The key words here are: "randomly chosen". I believe the case you identify below is the probability of collision when one value is already chosen (i.e., a birthday attack). In that case, indeed the probability is approximately 2^-n/2, where "n" is the number of bits. So, if this is not the text you are referencing, or, if I am mistaken in my analysis, please let me know so that I can update the errata accordingly. Thanks, Jahan ---------------- Jahan Moreh Chief Security Architect 310.286.3070 > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Thursday, July 31, 2003 10:21 AM > To: SAML > Subject: [security-services] Possible 1.1 (and 1.0) errata > > > It's been pointed out during review of the latest Liberty > documents that the > part in SAML about identifier uniqueness is overstated based on > the intent. > If the point is to use a SHA1 hash, then the actual collision > probability in > the spec language should be <= 2^-80 instead of < 2^-160 > > Liberty had the same language and it was copied from SAML, so I > figured I'd > mention it. > > -- Scott > > > You may leave a Technical Committee at any time by visiting > http://www.oasis-open.org/apps/org/workgroup/security-services/mem bers/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]