[EMAIL PROTECTED] wrote: [snip] > > With keyed MACs Alice and Bob share the same secretkeys, either can > freely generate messages with correct MAC values, so the MAC cannot be > used as evidence to a third party that Alice is the signer of the > message.
While you are correct in the general case, I have worked on a system where Alice could only generate MACs and Bob could only verify MACs. The hardware was designed so that Alice could not verify MACs and Bob could not generate MACs even though they shared the same key (that was only known to the hardware). Regards, Aram Perez [snip] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
