[11882] in cryptography@c2.net mail archive
Re: Why is RMAC resistant to birthday attacks?
daemon@ATHENA.MIT.EDU (Victor.Duchovni@morganstanley.com)
Tue Oct 22 13:10:03 2002
Date: Tue, 22 Oct 2002 10:15:46 -0400 (EDT)
From: <Victor.Duchovni@morganstanley.com>
To: Aram Perez <aram@pacbell.net>
Cc: Cryptography <cryptography@wasabisystems.com>
In-Reply-To: <B9DA3180.6B39%aram@pacbell.net>
On Mon, 21 Oct 2002, Aram Perez wrote:
> Victor.Duchovni@morganstanley.com wrote:
>
> While you are correct in the general case, I have worked on a system where
> Alice could only generate MACs and Bob could only verify MACs. The hardware
> was designed so that Alice could not verify MACs and Bob could not generate
> MACs even though they shared the same key (that was only known to the
> hardware).
>
This is interesting, but it does not help me to understand what threat
model is addressed RMAC, or more generally how do birthday attacks play
out against (shared secret) keyed MAC algorithms. The details of the RMAC
algorithm itselft are not at issue here, I want to understand the problem
so I can use the solution under the right conditions.
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
