Talk:CBC-MAC
From Wikipedia, the free encyclopedia
CBC-MAC attack
Hi Quarl. I just noticed your contribution. Seems to be a relevant explanation of an attack that you added. However even for me as an old crypto geek it is not very comprehensible. So my first question is, what is a "PRF"? And if it means "Pseudo Random Function" which is my best guess then what does that have to do with it? (Well sure, the block crypto must behave like a random function to be a good crypto.) That first sentence of yours should perhaps be something like this "If the block crypto is secure then CBC-MAC is secure for fixed-length messages."
And I guess one fix to prevent the attack would be to use Merkle-Damgård length padding? So in essence not use CBC-MAC but instead first turn the block crypto into a secure hash using one of the methods described in Hash functions based on block ciphers and then use say HMAC to turn that hash into a MAC. Or perhaps use say OMAC or similar instead. (Although I do not know if OMAC is secure against the attack you described.)
--David Göthberg 07:43, 22 February 2006 (UTC)
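Added example (not code from the article or from anyone in this discussion) of the fix sketched above: CBC-MAC with a Merkle-Damgård style length block prepended, so that messages of different lengths never share an input prefix, plus constant-time verification. It assumes a keyed PRF on 16-byte blocks as a stand-in for the block cipher (HMAC-SHA256 truncated; use AES-128 in practice) and constructed sample key and message values.

```python
import hmac
import hashlib
import struct

BLOCK = 16  # block size (bytes) of the assumed 128-bit block cipher

def block_prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for the keyed block cipher E_k: a keyed pseudorandom function
    on 16-byte blocks built from HMAC-SHA256 and truncated (assumption: any
    secure PRF on blocks serves the construction; use AES-128 in practice)."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cbc_mac_raw(key: bytes, msg: bytes) -> bytes:
    """Plain CBC-MAC with a zero IV. Only safe when every message under the
    key has the same fixed length, which must be a multiple of BLOCK."""
    if not msg or len(msg) % BLOCK:
        raise ValueError("raw CBC-MAC needs one or more whole blocks")
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        chunk = msg[i:i + BLOCK]
        state = block_prf(key, bytes(s ^ m for s, m in zip(state, chunk)))
    return state

def length_prepend_pad(msg: bytes) -> bytes:
    """Merkle-Damgård style length encoding: the first block carries the
    message length, so no padded message is a prefix of another, then the
    body is zero-padded to a block boundary."""
    header = struct.pack(">Q", len(msg)).rjust(BLOCK, b"\x00")
    padded = header + msg
    return padded + bytes((-len(padded)) % BLOCK)

def cbc_mac_length_prefixed(key: bytes, msg: bytes) -> bytes:
    """CBC-MAC over the length-prefixed message; accepts any message length."""
    return cbc_mac_raw(key, length_prepend_pad(msg))

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison so verification does not leak the tag."""
    return hmac.compare_digest(cbc_mac_length_prefixed(key, msg), tag)

if __name__ == "__main__":
    k = b"constructed sample key"  # constructed; never reuse an encryption key here
    msg = b"transfer 100 to account 42"  # constructed sample message
    tag = cbc_mac_length_prefixed(k, msg)
    print(tag.hex(), verify(k, msg, tag), verify(k, msg + b"0", tag))
```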
- Pseudorandom function = block cipher. I've changed the wording to be consistent. —Quarl (talk) 2006-02-22 09:21Z
There's an error in the description of the same-key vulnerability: the MAC is calculated using the plaintext, not the ciphertext; otherwise, it wouldn't work. Corrected this error.
--Illix, 2053h, 22 October 2006