Why is RMAC resistant to birthday attacks?
Ed Gerck
egerck at nma.com
Tue Oct 22 14:50:31 EDT 2002
Sidney Markowitz wrote:
> "bear" <bear at sonic.net> asked:
> > But why does that buy me the ability to "easily" make a forgery?
>
> It doesn't. As described in the paper all you can do with it is the following:
>
> Mallory discovers that a message from Alice "Buy a carton of milk" and another
> message from Alice "Get a dozen eggs" are sent with the same salt and have the
> same MAC, ...
It does to (as you can read in the paper). BTW, the "easily" applies to the case
WITHOUT salt -- ie., without RMAC. But that's why RMAC was proposed ;-)
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list