[Cryptography] CFB/OFB/CTR mode with HMAC for key stream
Ray Dillinger
bear at sonic.net
Mon May 15 18:22:31 EDT 2017
On 05/01/2017 08:29 AM, Bill Frantz wrote:
> Exactly this idea was suggested by at least one well-known
> cryptographer* during the 1990s crypto wars as a thought experiment to
> show that even if encryption algorithms were controlled, MACs could be
> substituted.
You may be thinking of the "Chaffing and Winnowing" paper by Ron
Rivest, from 1998. If someone wants to implement confidentiality
as well as authenticity using a MAC, it's probably the best-known
scheme.
It even has its own Wikipedia article.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170515/0c5daaed/attachment.sig>
More information about the cryptography
mailing list