[11881] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Why is RMAC resistant to birthday attacks?

daemon@ATHENA.MIT.EDU (Aram Perez)
Tue Oct 22 01:49:01 2002

Date: Mon, 21 Oct 2002 22:34:40 -0700
From: Aram Perez <aram@pacbell.net>
To: Cryptography <cryptography@wasabisystems.com>
In-Reply-To: <Pine.GSO.4.33.0210212143520.14823-100000@sasas1>

Victor.Duchovni@morganstanley.com wrote:

[snip]
> 
> With keyed MACs Alice and Bob share the same secretkeys, either can
> freely generate messages with correct MAC values, so the MAC cannot be
> used as evidence to a third party that Alice is the signer of the
> message.

While you are correct in the general case, I have worked on a system where
Alice could only generate MACs and Bob could only verify MACs. The hardware
was designed so that Alice could not verify MACs and Bob could not generate
MACs even though they shared the same key (that was only known to the
hardware).

Regards,
Aram Perez

[snip]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[11881] in cryptography@c2.net mail archive

Re: Why is RMAC resistant to birthday attacks?

daemon@ATHENA.MIT.EDU (Aram Perez)Tue Oct 22 01:49:01 2002

daemon@ATHENA.MIT.EDU (Aram Perez)
Tue Oct 22 01:49:01 2002