[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Probability text in core section 1.3.4
I know this has been brought up before in SSTC
http://www.oasis-open.org/archives/security-services/200109/msg00024.html
and I guess the TC decided that no errata was required, but having had to
re-visit this ourselves in Liberty TEG I thought I would share our findings:
The text in core section 1.3.4
"In the case that a random or pseudorandom technique is employed, the
probability of two randomly chosen identifiers being identical MUST be less
than or equal to 2-128 and SHOULD be less than or equal to 2-160."
clearly states the "birthday problem" (probability of any two
birthdays/identifiers colliding) and then goes on to set specific
probability targets (2^-128 and 2^-160), but does so without specifying the
number of generated identifiers that those probabilities have to hold for
(the number of people in the room).
What we chose to do in the Liberty specs, where we were using similar text,
was to drop the specific probability targets and let "negligible" suffice as
the normative requirement.
Through analysis using techniques such as
http://mathworld.wolfram.com/BirthdayProblem.html
we have satisfied ourselves that randomly chosen values of length 128+ bits
do result in a "negligible" probability of collision over a sufficiently
large number of messages, but we have refrained from mandating specific
probability targets or even a specific number of random bits (we do provide
an example where we suggest that one could use 168 bits and this was chosen
to avoid wasted padding bits in a base 64 encoding of the value).
I leave it to the group to decide whether this warrants an errata or whether
it has already been beaten to death.
-Greg
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]