I agree that we have covered most of the issues. One area whre you have not responded is the use of WPa in 802.11a. I see no justification for intoducing a crippled authentication there.
Also here is one more idea for possibly improving Michael. Scramble the output of Michael in a way that depends on the MIC key, K. This could be as simple as rotating each output word a number of bits derived from K. Or you could generate a 8 by 8 permutation from K and apply it to the bytes in the Michael output. you might even be able to use the small cipher that is used to generate the individual packed encryption keys in WPA. This would break up an attack that depends on messing with the bits of the MIC in the message. It does nothing for attacks on parts of the message body. Any additional integrety check on the message would catch that, however. On the other hand it is very cheap and might interfere with future more sophisticated attacks. Arnold Reinhold --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
