Fwd: NIST Release 3 Security Publications (including one for PRFs and KDFs)

Matt Ball matt.ball at IEEE.org
Fri May 2 14:14:46 PDT 2008

Formatted message: <A HREF="r0805020_f.htm">HTML-formatted message</A>

I think that the SP 800-108 draft is of general interest to these lists (see
below).  This specifies Pseudo-Random Functions (PRF) and Key Derivation
Functions (KDF).
I suspect many of the companies on this list have some kind of key
derivation scheme somewhere.  Make sure to send your feedback to NIST if
this draft is unnecessarily specific, or excludes otherwise secure
derivation schemes.
Just a few highlights:
   - The approved PRFs are HMAC-SHA-x and CMAC (SP 800-38B)
   - There are three KDFs: KDF in counter mode, KDF in Feedback mode, and
   KDF in double-pipelined iteration mode
   - There is approval of 'Key Hierarchy' structures, in which keys are
   derived from keys that are derived from keys, etc.
I didn't check, but we'll need to make sure that the KDFs used in IKEv2 and
TLS are supported within the context of SP 800-108.
---------- Forwarded message ----------
From: Patrick O'Reilly <poreilly at email.nist.gov>
Date: Fri, May 2, 2008 at 2:06 PM
Subject: NIST Release 3 Security Publications
To: Multiple recipients of list <compsecpubs at nist.gov>
NIST announces the release of Draft Special Publication 800-108,
Recommendation for Key Derivation Using Pseudorandom Functions. This
Recommendation specifies techniques for key derivation from a secret key
using pseudorandom functions (PRF). . The comment period closes on June 28,
2008. To learn more about this draft, please visit the CSRC Drafts page.
URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-108
NIST announces the release of the public draft of Special Publication 800-66
Revision 1, An Introductory Resource Guide to Implementing the Health
Insurance Portability and Accountability Act (HIPAA) Security Rule (Draft).
This Special Publication (SP), which discusses security considerations and
resources that may provide value when implementing the requirements of the
HIPAA Security Rule.  To learn more about this draft please visit CSRC
Drafts page.
URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-66-Rev1
The NIST Computer Security Division is proud to announce the release of NIST
Interagency Report (IR) 7442: Computer Security Division - 2007 Annual
Report. This publication highlights the diverse research agenda that enabled
the Computer Security Division to successfully respond to numerous
challenges and opportunities in fulfilling its mission to provide standards
and technology that protects information systems against threats to the
confidentiality, integrity, and availability of information and services.
 If interested in reviewing this annual report, link provided below.
URL: http://csrc.nist.gov/publications/PubsNISTIRs.html#NISTIR_7442
To unsubscribe from this list send e-mail to listproc at nist.gov and type in
the body of the e-mail message:
       unsubscribe compsecpubs
Reminder:  You need to make sure that you are unsubscribing from the
original e-mail address that you subscribed to this list from.	If not, you
will receive an error message.	If that is the case, send
patrick.oreilly at nist.gov an e-mail and I will have to manually delete your
email address from the listproc system.  To save time - please provide me
with your old email address that you subscribed to the list.  Thanks.
Pat O'Reilly
List Administrator
Computer Security Division
Matt Ball, IEEE P1619.x SISWG Chair
M.V. Ball Technical Consulting, Inc.
Phone: 303-469-2469, Cell: 303-717-2717

More information about the T10 mailing list