[Cryptography] CFB/OFB/CTR mode with HMAC for key stream

Ray Dillinger bear at sonic.net
Mon May 15 18:22:31 EDT 2017

On 05/01/2017 08:29 AM, Bill Frantz wrote:

> Exactly this idea was suggested by at least one well-known
> cryptographer* during the 1990s crypto wars as a thought experiment to
> show that even if encryption algorithms were controlled, MACs could be
> substituted.

You may be thinking of the "Chaffing and Winnowing" paper by Ron
Rivest, from 1998.  If someone wants to implement confidentiality
as well as authenticity using a MAC, it's probably the best-known

It even has its own Wikipedia article.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170515/0c5daaed/attachment.sig>

More information about the cryptography mailing list