On Tue, Jul 21, 2009 at 07:15:02PM -0500, Nicolas Williams wrote:
> I've an application that is performance sensitive, which can re-key very
> often (say, every 15 minutes, or more often still), and where no MAC is
> accepted after 2 key changes.  In one case the entity generating a MAC
> is also the only entity validating the MAC (but the MAC does go on the
> wire).  I'm interested in any MAC algorithms which are fast, and it
> doesn't matter how strong they are, as long as they meet some reasonable
> lower bound on work factor to forge a MAC or recover the key, say 2^64,
> given current cryptanalysis, plus a comfort factor.
[...]
> Which MAC algorithms would you recommend?

I'm getting the impression that key agility is important here, so one
MAC that comes to mind is CMAC with a block cipher with a fast key
schedule like Serpent. (If for some reason you really wanted to do
something to make security auditors squirm you could even cut Serpent
down to 16 rounds which would increase the message processing rate by
about 2x and also speed up the key schedule. This seems like asking
for it to me, though.)

Another plausible answer might be Skein - it directly supports keying
and nonces (so you don't have to take the per-message overhead of the
extra hash as with HMAC), and has very good bulk throughput on 64-bit
CPUs.

-Jack
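
The rekeying rule from the quoted question (frequent key changes, no MAC accepted after 2 key changes, generator and validator being the same entity), as an added example that is not part of the original message. HMAC-SHA256 from the Python standard library stands in for the MAC, since neither CMAC/Serpent nor Skein ships with it; the class name, the 4-byte epoch prefix and the reading that a MAC survives exactly one key change are assumptions.

```python
import hashlib
import hmac
import os


class RollingMac:
    """Hypothetical key ring: one entity tags and verifies, keys rotate by epoch."""

    KEEP = 2  # assumption: only the current key and the one before it verify

    def __init__(self):
        self._epoch = 0
        self._keys = {0: os.urandom(32)}

    def rekey(self):
        """Install a fresh key and forget keys that are KEEP or more changes old."""
        self._epoch += 1  # 4-byte epoch: ample at one rekey per 15 minutes
        self._keys[self._epoch] = os.urandom(32)
        for old in [e for e in self._keys if e <= self._epoch - self.KEEP]:
            del self._keys[old]

    def tag(self, msg: bytes) -> bytes:
        """Return epoch || MAC; the epoch is covered by the MAC."""
        hdr = self._epoch.to_bytes(4, "big")
        mac = hmac.new(self._keys[self._epoch], hdr + msg, hashlib.sha256).digest()
        return hdr + mac

    def verify(self, msg: bytes, tag: bytes) -> bool:
        if len(tag) != 4 + hashlib.sha256().digest_size:
            return False
        hdr, mac = tag[:4], tag[4:]
        key = self._keys.get(int.from_bytes(hdr, "big"))
        if key is None:  # key already retired, or epoch never issued
            return False
        expected = hmac.new(key, hdr + msg, hashlib.sha256).digest()
        return hmac.compare_digest(mac, expected)  # constant-time comparison


def demo():
    """Verify one tag after 0, 1 and 2 key changes."""
    m = RollingMac()
    t = m.tag(b"constructed sample message")
    results = [m.verify(b"constructed sample message", t)]
    for _ in range(2):
        m.rekey()
        results.append(m.verify(b"constructed sample message", t))
    return results


if __name__ == "__main__":
    print(demo())
```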

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
