On Fri, Sep 10, 2010 at 2:06 PM, <[email protected]> wrote: > ...something where you can spend a few bits authenticating each > frame of a movie, or sound sample, for example, and have some > probabilistic chance of detecting alteration at each frame. > On Sun, Sep 12, 2010 at 9:15 PM, Chris Palmer <[email protected]> wrote: > James A. Donald writes: > I agree with Bellovin that truncating the MAC is of little benefit except in > bandwidth-constrained applications --- truncating the MAC decreases its > protective power. There may be situations in which it's a fine trade-off, of > course. > I don't think full authentication tags on video or sound amount to enough bits to care about reducing them.
Also having done some work in the past with respect to reduced authentication (albeit per packet, not per frame), <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.121.9208&rep=rep1&type=pdf>, I can tell you that while I agree that reducing authentication per packet on video or sound doesn't hurt overall authenticity when occasionally bad packets get through, it is very difficult to come up with an application that can actually show benefit stemming from reducing authentication. The 50,000 ft view is that IPsec HMAC-SHA1 costs about the same amount of processing as TCP. Almost anything else you do with video or sound will cost orders of magnitude more. A coworker was actually able to cobble a demo together that showed an effect from faster authentication by sending uncompressed video over the network to max it out. The host then did a straight copy of the unconverted video to the graphics card. Even with the heaviest authentication (HMAC-SHA1) the video was completely intelligible with only the occasional stutter. ---- -Michael Heyman _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
