[11890] in cryptography@c2.net mail archive
Re: Why is RMAC resistant to birthday attacks?
daemon@ATHENA.MIT.EDU (Ed Gerck)
Tue Oct 22 14:59:03 2002
Date: Tue, 22 Oct 2002 11:50:31 -0700
From: Ed Gerck <egerck@nma.com>
To: Sidney Markowitz <sidney@sidney.com>
Cc: bear <bear@sonic.net>, Ed Gerck <egerck@nma.com>,
Victor.Duchovni@morganstanley.com,
Cryptography <cryptography@wasabisystems.com>
Sidney Markowitz wrote:
> "bear" <bear@sonic.net> asked:
> > But why does that buy me the ability to "easily" make a forgery?
>
> It doesn't. As described in the paper all you can do with it is the following:
>
> Mallory discovers that a message from Alice "Buy a carton of milk" and another
> message from Alice "Get a dozen eggs" are sent with the same salt and have the
> same MAC, ...
It does to (as you can read in the paper). BTW, the "easily" applies to the case
WITHOUT salt -- ie., without RMAC. But that's why RMAC was proposed ;-)
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
