Talk:UMAC
From Wikipedia, the free encyclopedia
I should drop the intro -- Nroets 23:31, 8 Jun 2005 (UTC)
Explaining an edit that I made: hashing (for instance, by evaluating a polynomial over a finite field) followed by a one-time pad is not a secure MAC. For instance, the attacker might twiddle the lowest-order bit of the input. This will add 1 to (or subtract 1 from) the output, which has a 50% chance of just twiddling the low-order bit there. That would commute with the one-time pad, so the attacker can just twiddle the low-order bit of the MAC also, and he forges a message with probability 1/2. To make the MAC secure, you need a pseudorandom function. -- bitwiseshiftleft
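The forgery described in the comment above, as an added worked example (this is not code from the commenter or from any UMAC implementation). It builds the weak construction exactly as stated: a polynomial hash over GF(P) in Horner form, so the last block is the constant term and flipping the message's lowest bit changes the hash by plus or minus 1, then XORs the result with a one-time pad. The attacker flips the low bit of the message and of the tag without knowing any key. The same bit-twiddling is then tried against a PRF-based MAC (HMAC-SHA256, truncated) for contrast. The modulus P, the 15-byte block size, the message length and the use of HMAC as the PRF are all assumptions of this toy, chosen only to make the arithmetic visible; the hash omits length encoding, which is irrelevant to the attack shown.

```python
import hashlib
import hmac
import secrets

# Toy parameters for this added example (assumed here, not from any MAC specification).
P = (1 << 127) - 1      # prime modulus of the hash field GF(P)
BLOCK_BYTES = 15        # 120-bit blocks, so every block value is strictly below P


def poly_hash(r: int, msg: bytes) -> int:
    """Evaluate the message as a polynomial at the secret point r over GF(P).

    Horner form: h = ((m_0 * r + m_1) * r + ...) + m_last, so the final block is the
    constant term and flipping its lowest bit changes h by exactly +1 or -1 mod P.
    No length encoding is included: this is only enough to show the forgery.
    """
    h = 0
    for i in range(0, len(msg), BLOCK_BYTES):
        block = int.from_bytes(msg[i:i + BLOCK_BYTES], "big")
        h = (h * r + block) % P
    return h


def weak_mac(r: int, pad: int, msg: bytes) -> int:
    """Polynomial hash followed by XOR with a fresh one-time pad (the construction in the comment)."""
    return poly_hash(r, msg) ^ pad


def weak_verify(r: int, pad: int, msg: bytes, tag: int) -> bool:
    return weak_mac(r, pad, msg) == tag


def prf_mac(key: bytes, msg: bytes) -> bytes:
    """A PRF-based MAC for contrast: HMAC-SHA256 of the message, truncated to 128 bits."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def prf_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(prf_mac(key, msg), tag)


def flip_low_bit(data: bytes) -> bytes:
    """Twiddle the lowest-order bit: bit 0 of the last byte."""
    return data[:-1] + bytes([data[-1] ^ 1])


def forge_weak(msg: bytes, tag: int):
    """Attacker's move against the weak MAC: flip the low bit of message and tag, no key needed."""
    return flip_low_bit(msg), tag ^ 1


def forge_prf(msg: bytes, tag: bytes):
    """The same move against the PRF-based MAC."""
    return flip_low_bit(msg), flip_low_bit(tag)


def forgery_rates(trials: int = 2000):
    """Fraction of trials in which the bit-twiddling forgery verifies, (weak MAC, PRF MAC)."""
    r = secrets.randbelow(P)
    prf_key = secrets.token_bytes(32)
    weak_hits = prf_hits = 0
    for _ in range(trials):
        msg = secrets.token_bytes(40)     # constructed random message: two full blocks plus a partial one
        pad = secrets.randbits(127)       # one-time pad, shared out of band with the verifier
        m2, t2 = forge_weak(msg, weak_mac(r, pad, msg))
        weak_hits += weak_verify(r, pad, m2, t2)
        m3, t3 = forge_prf(msg, prf_mac(prf_key, msg))
        prf_hits += prf_verify(prf_key, m3, t3)
    return weak_hits / trials, prf_hits / trials


if __name__ == "__main__":
    weak, prf = forgery_rates()
    print(f"forgery success rate: poly-hash + XOR pad = {weak:.2f}, PRF-based MAC = {prf:.2f}")
```

The weak construction fails because the hash's group operation (addition mod P) and the pad's (XOR) disagree: adding 1 to h flips only its low bit whenever that bit is 0, which the attacker cannot see but which happens half the time. Against the PRF-based tag the flipped message produces an unrelated 128-bit value, so the forgery succeeds only with probability 2^-128.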