Subject: Probability text in core section 1.3.4
I know this has been brought up before in SSTC http://www.oasis-open.org/archives/security-services/200109/msg00024.html and I guess the TC decided that no errata was required, but having had to re-visit this ourselves in Liberty TEG I thought I would share our findings:

The text in core section 1.3.4

"In the case that a random or pseudorandom technique is employed, the probability of two randomly chosen identifiers being identical MUST be less than or equal to 2^-128 and SHOULD be less than or equal to 2^-160."

clearly states the "birthday problem" (probability of any two birthdays/identifiers colliding) and then goes on to set specific probability targets (2^-128 and 2^-160), but does so without specifying the number of generated identifiers that those probabilities have to hold for (the number of people in the room).

What we chose to do in the Liberty specs, where we were using similar text, was to drop the specific probability targets and let "negligible" suffice as the normative requirement. Through analysis using techniques such as http://mathworld.wolfram.com/BirthdayProblem.html we have satisfied ourselves that randomly chosen values of length 128+ bits do result in a "negligible" probability of collision over a sufficiently large number of messages, but we have refrained from mandating specific probability targets or even a specific number of random bits (we do provide an example where we suggest that one could use 168 bits and this was chosen to avoid wasted padding bits in a base 64 encoding of the value).

I leave it to the group to decide whether this warrants an errata or whether it has already been beaten to death.

-Greg
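Added example, not part of the message above or of the SAML or Liberty specifications: a short Python calculation of how the collision probability for 128-, 160- and 168-bit random identifiers depends on the number of identifiers generated, together with the base64 padding each length produces. The function names are hypothetical and the identifiers are assumed to be uniformly random.

```python
import base64
import math

def collision_probability(bits: int, n: int) -> float:
    """Birthday approximation 1 - exp(-n(n-1)/2^(bits+1)) for n uniformly
    random identifiers of `bits` bits each."""
    x = (n * (n - 1)) / 2 ** (bits + 1)   # exact big-int ratio, then float
    return -math.expm1(-x)                # expm1 keeps precision for tiny x

def bits_needed(n: int, target_log2: int) -> int:
    """Smallest identifier length (n >= 2) for which the union bound
    C(n,2)/2^bits on the collision probability is <= 2^target_log2."""
    pairs = n * (n - 1) // 2
    # (pairs - 1).bit_length() equals ceil(log2(pairs)) for pairs >= 1
    return (pairs - 1).bit_length() - target_log2

def base64_padding(bits: int) -> int:
    """Count of '=' padding characters when an identifier of this length
    (a whole number of bytes) is base64-encoded."""
    return base64.b64encode(bytes(bits // 8)).count(b"=")

if __name__ == "__main__":
    for bits in (128, 160, 168):
        for n in (2, 2**32, 2**48):       # "number of people in the room"
            p = collision_probability(bits, n)
            print(f"{bits} bits, n=2^{n.bit_length() - 1}: "
                  f"p ~ 2^{math.log2(p):.1f}")
        print(f"  base64 '=' padding chars: {base64_padding(bits)}")
    print("bits for p <= 2^-128 over 2^32 ids:", bits_needed(2**32, -128))
```

With exactly two identifiers, 128 bits meets the 2^-128 target; for any larger population the same length no longer does, which is why a numeric target needs the population size stated alongside it.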