Re: OMAC help

From: Jack Lloyd (lloyd_at_jhu.edu)
Date: 06/14/03


Date: Sat, 14 Jun 2003 15:04:35 -0400

On Sat, 14 Jun 2003 12:58:14 -0400, Tom St Denis wrote:

> Personally I don't see the benefit of OMAC at all. It is *not* a
> combined encrypt/mac algorithm [it requires you to decrypt and
> re-encrypt to verify the mac as far as I can tell].

Yes, OMAC is not a combined mac/encrypt algorithm. EAX is - it's
essentially CTR+OMAC+tweaks. And, secondly, what are you talking about?
Why on earth would someone have to decrypt and then re-encrypt a message
just to authenticate it? Perhaps they could, say, just MAC the ciphertext
as it came in?

> The specs are horrible. Admittedly I don't have 30 yrs in the field but
> I have implemented some hairy algorithms [Twofish, CAST5, etc..] before
> and this one perplexes me. I spent a good 8 hours toying with it and
> every time I failed to produce correct output.

As I mentioned before, read the EAX paper. All in all I would say OMAC
is pretty simple (it's basically just a CBC-MAC with some magic at the end).

> Personally I just think the specs are half-assed. They spent too much
> time analyzing the algorithm and not enough describing how to implement
> it [hint: reference source code would have gone a long way!]

C'est la vie.

> I don't see the advantage over say HMAC. In fact I was quite horribly
> surprised that a non-encrypt mode was picked....

In terms of advantages of HMAC: maybe because MD5, SHA-1, etc are quite
expensive in hardware as compared to AES? And because having both AES
and a hash increases hardware costs significantly? And that virtually
no good general purpose MAC based on a block cipher exists right now?

Lastly, why were you surprised about OMAC? NIST had already decided to
pick a MAC, but RMAC had problems so they decided to pick another.


