OFB-based MAC

---

• From: Alexander Bernauer <usenet@xxxxxxxxxx>
• Date: Sun, 24 Sep 2006 00:36:43 +0200 (CEST)

---

Hi

I guess the following is known in the arts but I failed to find any
papers, articles or anything about it at citeseer, google groups or
wikipedia. I even didn't find out how this is called. Perhaps someone
can give me a hint.

Given some block cipher in OFB mode I want to add authentication by
appending a cryptographic hash h over the message m before xoring the
whole with the keystream k:
c = (m, h(m)) XOR k

For me it sounds reasonable that the encrypted hash forms a MAC as it is
very unlikely that on the receiver's side the decrypted hash matches if an
arbitrary key stream was used for encrypting.

Nevertheless I could not find any work on this idea. All I did find is:
---8<---
Newsgroups: sci.crypt
Subject: Re: attack on MAC using OFB
Date: 15 Jan 2003 19:58:55 -0800
Message-ID: <1a517b5.0301151958.27e81df2@xxxxxxxxxxxxxxxxxx>
[...]
There is no standard construction for building a MAC from OFB-Mode.
[...]
--->8---

Is this still right? If so, why? Is this method perhaps broken or
braindead or somethin?

Thanks in advance

regards

Alex
.

---

• Follow-Ups:
  • Re: OFB-based MAC
    • From: Mike Amling
  • Re: OFB-based MAC
    • From: David Wagner

• Prev by Date: Re: Diffie-Hellman groups
• Next by Date: Re: Need Graph Isomorphism Algorithm De-bunked
• Previous by thread: Diffie-Hellman groups
• Next by thread: Re: OFB-based MAC
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: a makeshift hash solution ... Tom Foolery wrote: ... But how would I use a public key system to protect ... > the hash that's in the file and compare to the hashes in the list. ... I've been using a MAC all along. ... (sci.crypt) Re: HMAC issues ... hash the message once and then hash the result. ... MAC!= Hash. ... twofish and AES modules i have in VB use this code fiddling to unsign ... implementation in VB (apparently they work for counterpane), ... (sci.crypt) Re: Can a program prove its own integrity? ... > program he would have to find a way to calculate the right MAC for every ... If the attacker has access to the box, the MAC can be bypassed, ... get and build a simple program that does a SHA-1 hash of a file. ... Modify the program to calculate a hash of itself. ... (sci.crypt) Re: Hash of Hashes ... I am having some problems in printing the Hash of Hashes. ... The file has multiple MAC, PHY and Network Statistics in it and I am ... (comp.lang.perl.misc) Re: Statistics Extraction ... into an hash of hashes and print them. ... The file has multiple MAC, PHY and Network Statistics in it and I am ... (comp.lang.perl.misc)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2006-09