AWSS3DSDemo - AuthHashSize?

Posted: 08/09/2016 16:38:50
by Darian Miller (Standard support level)
Joined: 06/27/2011
Posts: 49

SBB14 (Samples\Delphi\CoudBlackBox\AWS\MainForm.pas)

In this demo project, where a storage security handler is configured using Extended identity protection with the Digest being SHA1, the AuthHashSize property is set to 10, with a comment in the source stating "truncating a half of SHA1 results".

The documentation (https://www.eldos.com/documentation/sbb/documentation/ref_cl_defaultdatastoragesecurityhandler_prp_authhashsize.html) just states that it's the "size of data authentication hash."

Why cut the size in half? If using other hashes, like SHA-256, what would the appropriate value of AuthHashSize be? (I would have assumed 32 without seeing this demo but now I am confused.)

Posted: 08/10/2016 01:29:24
by Ken Ivanov (Team)

Hi Darian,

You are free to choose any hash size you find reasonable, provided it's equal to or shorter than the size of the actual hash returned by the function. Truncated hashes are often used to optimise the speed/throughput of a protocol or application, while preserving the security benefits it provides. Still, the shorter the hash value, the fewer bits of security it provides, so it is important to establish a trade-off between the length of the hashes and the effectiveness you want to reach.

The hash size property was primarily introduced for per-chunk MAC'ing mode users (where small pieces of larger objects are hashed individually to enable per-block access), so that the user would have some control over expansion of space occupied by very large objects with very small chunk sizes.

Posted: 08/10/2016 11:55:08
by Darian Miller (Standard support level)
Joined: 06/27/2011
Posts: 49

Interesting, thanks.
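The trade-off described in the answer above, shown as an added example that is not part of the original thread and is not SecureBlackBox code. It assumes a generic HMAC computed per chunk and truncated to its leftmost bytes; the function names, the chunk-index binding and the sample key and data are constructed for illustration.

```python
import hashlib
import hmac

def chunk_tag(key, index, chunk, digest, tag_size):
    """HMAC over (chunk index || chunk data), truncated to the leftmost tag_size bytes."""
    full_size = hashlib.new(digest).digest_size
    if not 1 <= tag_size <= full_size:
        raise ValueError(f"tag_size must be 1..{full_size} for {digest}")
    mac = hmac.new(key, index.to_bytes(8, "big") + chunk, digest)
    return mac.digest()[:tag_size]

def verify_chunk(key, index, chunk, tag, digest, tag_size):
    """Check a stored tag. The expected length comes from configuration,
    never from the tag itself, so a shortened tag is rejected outright."""
    if len(tag) != tag_size:
        return False
    expected = chunk_tag(key, index, chunk, digest, tag_size)
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def tag_overhead(object_size, chunk_size, tag_size):
    """Bytes of authentication data added to an object MAC'ed chunk by chunk."""
    chunks = -(-object_size // chunk_size)  # ceiling division
    return chunks * tag_size

if __name__ == "__main__":
    key = b"\x01" * 32              # constructed sample key
    chunk = b"example chunk data"   # constructed sample chunk
    for digest, size in (("sha1", 10), ("sha1", 20), ("sha256", 16), ("sha256", 32)):
        tag = chunk_tag(key, 0, chunk, digest, size)
        ok = verify_chunk(key, 0, chunk, tag, digest, size)
        extra = tag_overhead(1 << 30, 4096, size)
        # A blind forgery attempt against a t-bit tag succeeds with probability 2^-t.
        print(f"{digest:6} tag={size:2}B  forgery p=2^-{8 * size:<3}  "
              f"1 GiB in 4 KiB chunks adds {extra} bytes  valid={ok}")
```

With these constructed parameters, a 10-byte tag halves the stored authentication data compared with the full 20-byte SHA1 output, at the cost of 80 rather than 160 bits of forgery resistance per tag.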


