Re: AES MAC security question
From: Andrew Swallow (am.swallow_at_btopenworld.com)
Date: 07/03/05
Date: Sun, 3 Jul 2005 00:06:07 +0000 (UTC)
Rein Anders Apeland wrote:
[snip]
>
> I believe this supports my proposal. The bandwidth is limited and
> once a count value has been used (and the transmission perhaps
> 'snapped' by an attacker), the receiver won't accept it anymore.
> The attacker needs to create a valid MAC with the next counter value.
The count protects against replay attacks. However, if the thief has a
computer in his transmitter, adding 1 is not hard. Watch out for the
count looping back to zero (mileometers have a similar problem).

The problem is then making sure that the thief cannot fake the MAC,
possibly by trying every value.

Time to try them all = (2**32 * 128) / 10,000 = 54975581.3888 seconds
= 636.29 days = 1.74 years.

This could be a little short. Or put another way, try 100 cars for a
week and the thief will open one. There are plenty of car parks with 100
expensive cars in them.

Each bit you add to the MAC will double the time required. An extra
byte would increase it to 446.27 years.

Andrew Swallow
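
The receiver-side checks discussed in this message (reject used counts, refuse a count that loops back to zero, and see how tag length changes the exhaustion time), as an added example that is not part of the original post. HMAC-SHA256 stands in for the AES-based MAC; the names, the 32-bit counter width, and the reading of the formula as 128 bits per attempt over a 10,000 bit/s link are assumptions.

```python
import hashlib
import hmac
import struct

TAG_BYTES = 4                 # 32-bit tag, matching the 2**32 in the estimate
MAX_COUNTER = 2**32 - 1       # assumed 32-bit counter field

def make_tag(key: bytes, counter: int) -> bytes:
    """Truncated MAC over the counter (HMAC-SHA256 as a stand-in MAC)."""
    msg = struct.pack(">I", counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]

class Receiver:
    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last = last_counter

    @property
    def exhausted(self) -> bool:
        # Counter space used up: a new key is needed, never a wrap to zero.
        return self.last >= MAX_COUNTER

    def accept(self, counter: int, tag: bytes) -> bool:
        # Plain integer comparison, no modular arithmetic: a counter that
        # loops back to zero is rejected like any other old value.
        if not (self.last < counter <= MAX_COUNTER):
            return False
        if len(tag) != TAG_BYTES:
            return False
        if not hmac.compare_digest(make_tag(self.key, counter), tag):
            return False          # state is not advanced by a bad tag
        self.last = counter       # advance only after the tag verifies
        return True

def exhaust_seconds(tag_bits: int, frame_bits: int = 128,
                    link_bps: int = 10_000) -> float:
    """Time to send every possible tag value once, per the post's formula."""
    return (2**tag_bits * frame_bits) / link_bps

if __name__ == "__main__":
    key = bytes(range(16))    # constructed sample key
    rx = Receiver(key)
    frame = (1, make_tag(key, 1))
    print(rx.accept(*frame), rx.accept(*frame))   # fresh frame, then replay
    for bits in (32, 40, 64):
        print(bits, "bit tag:", exhaust_seconds(bits) / 86400 / 365.25, "years")
```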