On 2010-09-13 8:03 AM, Steven Bellovin wrote:
I confess I'm not sure I understand what properties you're actually looking forthat aren't handled by the truncated MAC you describe. (I'd also that unless your frames are very small, truncation doesn't buy you much.) Are you looking for chaining properties between frames? What are they? (Stream ciphers don't have such, of course.) Do you want to MAC each frame with some probability, then get a strong MAC on a group of frames? I note that no matter the algorithm, the basic properties are pretty obvious: if you have an N-bit authentication field, the odds on a random field being accepted are 2^-N. What else do you want?
What he wants is the that probability is cumulative - that each short field not only validates the latest packet, but strengthens the probability that all previous accepted packets were correct.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
