Re: MACs + Encryption + same Key
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 10/29/04
- Next message: Peter Fairbrother: "Re: commuting?/non-group cipher?"
- Previous message: David Wagner: "Re: newdes"
- In reply to: Anton Stiglic: "Re: MACs + Encryption + same Key"
- Next in thread: David Wagner: "Re: MACs + Encryption + same Key"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Oct 2004 06:14:17 +0000 (UTC)
Anton Stiglic wrote:
>The paper "Pseudorandom Functions Revisited: Cascade Construction and
>its Concrete Security", by Bellare, Canetti, Krawczyk, shows that SHA1
>(with a fixed-length key) is a secure PRF as long as the underlying
>compression function acts like a good FI-PRF (fixed-length input PRF).
On a prefix-free input space, yes. SHA1(K,.) is not secure for
arbitrary messages, since SHA1(K,X||Y) can be derived from SHA1(K,X)
for certain values of X and Y.
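The property Wagner describes above is Merkle-Damgard length extension: the tag SHA1(K||X) is the chaining state after absorbing K||X||pad, so anyone holding it can keep iterating the compression function over further blocks and obtain SHA1(K||X||pad||Y) without K. The block below is an added example, not part of the original thread; it carries its own small SHA-1 (checked against hashlib) so the iteration can be resumed from a given state, and places the key-prefix construction beside the two fixes implied by the remark: a prefix-free encoding of the message (here, a length prefix) and HMAC. The key and messages are constructed sample values.

```python
"""SHA1(K||M) is a PRF only on a prefix-free domain: length extension,
with a prefix-free encoding and HMAC beside it (added example, not from the thread)."""
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _compress(h, block):
    """One SHA-1 compression-function call (FIPS 180-4) on a 64-byte block."""
    w = list(struct.unpack('>16I', block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = h
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[i]) & MASK, a, _rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(h, (a, b, c, d, e)))


def md_padding(total_len):
    """The padding SHA-1 appends to a message of total_len bytes."""
    return b'\x80' + b'\x00' * ((55 - total_len) % 64) + struct.pack('>Q', total_len * 8)


def sha1(data, state=SHA1_IV, already_absorbed=0):
    """SHA-1 of data. 'state' and 'already_absorbed' let the iteration resume
    from a chaining value that has already processed already_absorbed bytes
    (a multiple of 64), which is exactly what makes extension possible."""
    h = state
    buf = data + md_padding(already_absorbed + len(data))
    for i in range(0, len(buf), 64):
        h = _compress(h, buf[i:i + 64])
    return struct.pack('>5I', *h)


# --- three keyed constructions ------------------------------------------
def prefix_mac(key, msg):               # SHA1(K || M): domain is not prefix-free
    return sha1(key + msg)


def prefix_free_mac(key, msg):          # SHA1(K || len(M) || M): prefix-free encoding
    return sha1(key + struct.pack('>Q', len(msg)) + msg)


def hmac_sha1(key, msg):                # HMAC: nested hashing, not a plain prefix
    return hmac.new(key, msg, hashlib.sha1).digest()


def extend(tag, key_len, absorbed_msg, suffix):
    """From tag = SHA1(K||X) and len(K) alone, compute SHA1(K||X||glue||Y) where
    glue is the padding SHA-1 itself inserted after K||X. Returns (X||glue||Y, tag')."""
    glue = md_padding(key_len + len(absorbed_msg))
    state = struct.unpack('>5I', tag)
    new_tag = sha1(suffix, state, key_len + len(absorbed_msg) + len(glue))
    return absorbed_msg + glue + suffix, new_tag


def demo():
    key = b'constructed-example-key!'    # constructed; only len(key) is assumed known
    x = b'amount=10&to=alice'            # constructed sample message
    y = b'&to=mallory'                   # constructed suffix
    r = {'sha1_matches_hashlib': sha1(x) == hashlib.sha1(x).digest()}

    # 1. Key-prefix MAC: the extended tag verifies for the extended message.
    msg2, tag2 = extend(prefix_mac(key, x), len(key), x, y)
    r['prefix_mac_extension_verifies'] = prefix_mac(key, msg2) == tag2

    # 2. Prefix-free encoding: the extended bytes are len(X)||X||glue||Y, which
    #    is not the encoding of any message, so the receiver's decode rejects it.
    enc2, tag2 = extend(prefix_free_mac(key, x), len(key), struct.pack('>Q', len(x)) + x, y)
    declared = struct.unpack('>Q', enc2[:8])[0]
    body = enc2[8:]
    r['prefix_free_extension_verifies'] = declared == len(body) and prefix_free_mac(key, body) == tag2

    # 3. HMAC: extending the outer hash yields SHA1((K^opad)||inner||glue||Y),
    #    which is not HMAC(K, m) for any m; the check fails for the extended text.
    msg2, tag2 = extend(hmac_sha1(key, x), len(key), x, y)
    r['hmac_extension_verifies'] = hmac_sha1(key, msg2) == tag2
    return r


if __name__ == '__main__':
    for name, ok in demo().items():
        print(f'{name}: {ok}')
```

The prefix-free variant is the narrow fix the cited cascade result supports (restrict the domain so no valid input is a prefix of another); HMAC is the general-purpose answer and is what a practitioner should reach for, since it makes no assumption about the message space at all.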