Re: AES MAC security question

From: Joseph Ashwood (ashwood_at_msn.com)
Date: 07/04/05 

Date: Mon, 04 Jul 2005 01:43:24 GMT

"Kristian Gjøsteen" <kristiag+news@item.ntnu.no> wrote in message
news:da94pn$re9$1@orkan.itea.ntnu.no...
> If the MAC is secure, a shared secret does not stop a guessing attack.
> What kind of attacks would a shared secret complicate or stop?
>
> (What's the difference between a shared secret and the shared secret
> key?)

The shared secret prevents casual guessing. Like I said it is
information-theoretically transparent, but functionally there. With the
shared secret used for padding an attacker now has to guess at the padding
as well. An information theoretic attacker can sample multiple MACs and
perform the derivation by segmenting the scheme into a (I think)48-bit
problem and the larger problem, the real world attacker is going to be
guessing the MAC value (smallest value to need guessing) raising the
effective bar, but not the real bar.

Having an encryption key serves the same purpose, but significantly increase
the computation time, and by relation the computation power consumption. I
admittedly was assuming that keeping the power consumption in the fob as low
as possible is a requirement. The problem is that the MAC isn't secure, it's
secure enough that makes for a very hard line to walk.
                Joe

Relevant Pages

  • Re: [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access
    ... >>Unchangeable Shared Secret ... >>Cisco Clean Access Server (CAS), both CAM and CAS must have the same ... > anywhere else an attacker might have easier access to (e.g. on Clean ... It is "may" because if you run software release 3.6.1 then your passwords ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access
    ... Unchangeable Shared Secret ... Cisco Clean Access Server (CAS), both CAM and CAS must have the same ... So, other than making a TCP connection to the box, what does the attacker ... The snapshot contains sensitive information that can aide in the ...
    (Full-Disclosure)
  • Re: Ciphers and their effect on the size of data
    ... If the blob is to be encrypted, does that mean that the sender of the blob and the receiver of the blob will already have a shared secret that they will use as the encryption key? ... If so, and they can arrange to share a second secret, would a Message Authentication Code rather than a digital signature be sufficient? ... A MAC could easily be as short as 8 to 12 bytes. ... Will the sender and the receiver already have a shared secret? ...
    (sci.crypt)
  • Re: Encryption mode without IV
    ... > I'm looking for encryption mode without IV. ... Finally ciphered data and MAC length ... Both with ciphertext ... How about generating your IV by encrypting a shared secret (or the hash of a ...
    (sci.crypt)
  • Re: AES MAC security question
    ... The MAC key is already a shared secret, ... > where the whole packet is encrypted with ... > layer of encryption? ...
    (sci.crypt)
Quantcast