CBC-MAC weakness?
From: Will Dickson (wrd_at_glaurung.demon.co.uk)
Date: 06/24/03
Date: Tue, 24 Jun 2003 00:36:54 +0100
I'm looking at using CBC-MAC in an application; since it's using CBC
mode anyway, CBC-MAC is more-or-less free in the context. (Performance
is important; I don't want to use e.g. HMAC because the hashing
overhead involved would be a significant issue.)
Applied Crypto says this about CBC-MAC:
"The potential security problem with this method is that [the attacker
can] generate messages with the same hash value as a given message by
decrypting in the reverse direction."
I can understand why this is an undesirable property on general
principles - clearly you don't want the attacker to be able to do
anything - but I can't see a situation where this would actually be a
threat. Could somebody give me / point me to an example?
TIA
Will.
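
The property in the quoted passage, as an added example that is not part of the original post: a party who holds the CBC-MAC key can fix any trailing blocks and decrypt backwards from a given tag to solve for the first block, so the tag proves nothing against a key holder. The toy Feistel cipher, the key, the sample messages and all function names are constructed for illustration; the zero IV and unpadded whole-block messages are assumptions.

```python
import hashlib

BLOCK = 16  # block size in bytes of the toy cipher (constructed, not a real cipher)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: keyed hash truncated to half a block
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_mac(key, msg):
    # c_0 = 0, c_i = E(c_{i-1} XOR m_i); the tag is the last chaining value
    if not msg or len(msg) % BLOCK:
        raise ValueError("message must be a non-empty multiple of BLOCK")
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = encrypt_block(key, _xor(state, msg[i:i + BLOCK]))
    return state

def message_for_tag(key, tag, tail):
    # Run the chain in reverse: c_{i-1} = D(c_i) XOR m_i for each chosen tail block
    if len(tail) % BLOCK:
        raise ValueError("tail must be a multiple of BLOCK")
    state = tag
    for i in range(len(tail) - BLOCK, -1, -BLOCK):
        state = _xor(decrypt_block(key, state), tail[i:i + BLOCK])
    # The value before block 1 is the zero IV, so m_1 = D(c_1)
    return decrypt_block(key, state) + tail

if __name__ == "__main__":
    key = b"constructed-demo-key"
    original = b"original block 1" + b"original block 2"
    tag = cbc_mac(key, original)
    other = message_for_tag(key, tag, b"freely chosen 2." + b"freely chosen 3.")
    print(tag.hex(), cbc_mac(key, other).hex(), other != original)
```

The first block of the second message comes out as uncontrolled bytes, and none of this works without the key, which is why the property matters when CBC-MAC is treated as a hash or when two key holders dispute who produced a message.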