Why is RMAC resistant to birthday attacks?
Aram Perez
aram at pacbell.net
Tue Oct 22 01:34:40 EDT 2002
Victor.Duchovni at morganstanley.com wrote:
[snip]
>
> With keyed MACs Alice and Bob share the same secretkeys, either can
> freely generate messages with correct MAC values, so the MAC cannot be
> used as evidence to a third party that Alice is the signer of the
> message.
While you are correct in the general case, I have worked on a system where
Alice could only generate MACs and Bob could only verify MACs. The hardware
was designed so that Alice could not verify MACs and Bob could not generate
MACs even though they shared the same key (that was only known to the
hardware).
Regards,
Aram Perez
[snip]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list