truncating MACs for confidentiality, was Re: Public key encrypt-then-sign or sign-then-encrypt?
Travis H.
travis+ml-cryptography at subspacefield.org
Thu Apr 26 00:23:03 EDT 2007
One more thing to consider; if you pick a reasonable MAC with twice
the security factor you need, then truncate the output to half the
size, I believe you get both confidentiality and
integrity/authentication guarantees of the desired strength.
--
Kill dash nine, and its no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john at subspacefield.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20070425/13d30ac4/attachment.pgp>
More information about the cryptography
mailing list