Re: [cryptography] AES-GMAC as a hash

2009-09-08 Thread Eric Young
Darren J Moffat wrote: Ignoring performance for now, what is the consensus on the suitability of using AES-GMAC not as a MAC but as a hash? Would it be safe? The key input to AES-GMAC would be something well known to the data and/or software. The only reason I'm asking is assuming it can be

Re: AES-GMAC as a hash

2009-09-04 Thread Hal Finney
this would work. In general, giving a MAC a fixed key cannot be expected to produce a good hash. With AES-GMAC in particular, it is unusual in that it has a third input (besides key and data to MAC), an IV, which makes your well-known-key strategy problematic. And even as a MAC, it is very important

Re: AES-GMAC as a hash

2009-09-04 Thread Darren J Moffat
don't think this would work. In general, giving a MAC a fixed key cannot be expected to produce a good hash. With AES-GMAC in particular, it is unusual in that it has a third input (besides key and data to MAC), an IV, which makes your well-known-key strategy problematic. And even as a MAC, it is very

Re: AES-GMAC as a hash

2009-09-04 Thread Matt Ball
On Thu, Aug 27, 2009 at 8:45 AM, Darren J Moffat wrote: Ignoring performance for now, what is the consensus on the suitability of using AES-GMAC not as a MAC but as a hash? Would it be safe? The key input to AES-GMAC would be something well known to the data and/or software. The only