Re: Use of CRC to verify encrypted data integrity
- From: daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner)
- Date: Mon, 26 Dec 2005 01:44:36 +0000 (UTC)
Unknown wrote:
>By encrypting the combination, does the CRC gain cryptographic security
>(setting aside the fact that it is very short)?
No.
http://www.cs.berkeley.edu/~daw/papers/wep-mob01.pdf
>Are there any other recommendations which can be done in a very short
>amount of space? MD5 and other longer hashes are too long for my desired
>application.
SHA1-HMAC or AES-OMAC, truncated as necessary.
But beware that if the MAC is too short, then it will be possible
for an attacker to forge messages just by blind luck (no matter which
scheme you use). Exactly how long is sufficient is likely to depend
on the details of your application and your security requirements.
.
- Follow-Ups:
- Re: Use of CRC to verify encrypted data integrity
- From: tomstdenis
- Re: Use of CRC to verify encrypted data integrity
- References:
- Use of CRC to verify encrypted data integrity
- From: Unknown
- Use of CRC to verify encrypted data integrity
- Prev by Date: Re: Use of CRC to verify encrypted data integrity
- Next by Date: Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
- Previous by thread: Re: Use of CRC to verify encrypted data integrity
- Next by thread: Re: Use of CRC to verify encrypted data integrity
- Index(es):
