Re: Authenticated Encryption Modes

jsavard_at_ecn.ab.ca
Date: 06/26/03


Date: Thu, 26 Jun 2003 05:09:19 GMT

jsavard@ecn.ab.ca wrote:
: David Wagner (daw@mozart.cs.berkeley.edu) wrote:
: : >OMAC is the NIST standard for producing a MAC, and it is secure when used
: : >for that purpose. However, in preparing my web page on the subject, I was
: : >able to see that OMAC is *not* an _authenticated encryption mode_; if it
: : >is used that way, a number of attacks are possible:

: : I can't imagine what you mean. OMAC doesn't even encrypt, so it is
: : definitely not an authenticated encryption mode. OMAC is a MAC.

: CBC encrypts. CBC-MAC *looks* like it encrypts, if you don't pay attention
: to what the end product is supposed to be. If you just look at the
: sequence of operations, without paying attention to the fact that nothing
: is defined as "ciphertext", and just superficially imagine it is an
: encryption mode like CBC, since CBC is an encryption mode...

: Unlike yourself, some people have the failing of occasionally skimming
: through dry technical documents, and missing salient points...

However, I now realize, upon further reflection, that I should have
replied to your post with contrition rather than sarcasm. To err is human,
but that is no excuse for taking the name of OMAC in vain, and using the
name OMAC, without comment, to refer to an encryption mode which results
from an ignorant misunderstanding of the OMAC mode of producing a message
authentication code.

Speaking of taking the name of OMAC in vain, of course, brings me to
reflect upon the role of DC Comics in all this...

John Savard