[Cryptography] CFB/OFB/CTR mode with HMAC for key stream

Bill Frantz frantz at pwpconsult.com
Mon May 1 11:29:36 EDT 2017

On 5/1/17 at 12:07 AM, memvandal at gmail.com (Memory Vandal) wrote:

>I was wondering if using HMAC with something like SHA-256 to create a key
>stream in CFB/OFB/CTR mode is a bad idea.
>Considering that in CFB/OFB/CTR modes, the cipher required in the mode is
>used only to perform encryption operation for both encryption and
>decryption, a HMAC can be used to generate a key stream.
>So, the overall CFB/OFB/CTR mode remains exactly same with exception of
>using HMAC in place for a cipher. The key being used as HMAC key while IV
>can be as the HMAC message.
>I am not a cryptographer but, have some experience with implementing
>cryptography. I could not come up with reasons as to why this could be a
>bad idea.

Exactly this idea was suggested by at least one well-known 
cryptographer* during the 1990s crypto wars as a thought 
experiment to show that even if encryption algorithms were 
controlled, MACs could be substituted.

Cheers - Bill

* I don't currently have the bandwidth to search out the name.

Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 
Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, 
CA 95032

More information about the cryptography mailing list