On 2010-09-11 4:06 AM, [email protected] wrote:
So there's an obvious (though imperfect) analogy between block ciphers
and, say, HMAC. Imperfect because authentication always seems to
involve metadata.
But is there a MAC analog to a stream cipher? That is, something
where you can spend a few bits authenticating each frame of a movie,
or sound sample, for example, and have some probabilistic chance of
detecting alteration at each frame. I suppose it could also have uses
with, say, an interactive SSH session, where each keystroke might be
sent in its own packet.
The closest thing I can think of is doing a truncated MAC on each
frame. Looking at HMAC, it looks like you could leave the inner hash
running while also finalizing it for each frame (assuming your library
supports this), so that you could keep it open to feed the next frame
to it - this allows each truncated MAC to attest to the authenticity
of prior frames, which might or might not allow you to get by with
fewer bits of MAC per frame in certain applications (details of which
are complicated and not particularly germane to this query).
If you want to authenticate each fragment, you are probably doing
something real time - video instant messaging, or voice instant
messaging, in which case you need authentication to be resilient against
dropped fragments.
Authentication delayed several round trips is probably acceptable.
Sound or video delayed several round trips is not.
So you could send voice and image using an unreliable protocol, with a
CRC checksum inside the encryption in each packet, notify the other end
what got through using a reliable protocol, and receive a
cryptographically strong authentication for what made it through using a
reliable protocol, with a standard authentication for each 16384 bit
block of data that got through.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
