This preview shows page 1. Sign up to view the full content.
Unformatted text preview: well . If H is one-way but not collision-free, Mallory can forge messages. Still better is H (K,M,K ), or H (K1,M,K2 ), where K1 and K2 are different . Preneel is still suspicious . The following constructions seem secure: H (K1,H(K2, M)) H (K, H (K,M)) H (K,p,M,K ), where p pads K to a full message block. Figure 18.15 Stream cipher MAC. The best approach is to concatenate at least 64 bits of the key with each message block. This makes the one-way hash function less efficient, because the message blocks are smaller, but it is much more secure . Alternatively, use a one-way hash function and a symmetric algorithm. Hash the file, then encrypt the hash. This is more secure than first encrypting the file and then hashing the encrypted file, but it is vulnerable to the same attack as the H (M,K ) approach . Stream Cipher MAC
This MAC scheme uses stream ciphers (see Figure 18.15) . A cryptographically secure pseudo-random-bit generator demultiplexes the message stream into two substreams. If the output bit of the bit generator ki, is 1, then the current message bit mi, is routed to the first substream; if the ki is 0, the mi is routed to the second substream. The substreams are each fed into a different LFSR (see Section 16.2). The output of the MAC is simply the final states of the shift registers. Unfortunately, this method is not secure against small changes in the message . For example, if you alter the last bit of the message, then only 2 bits in the corresponding MAC value need to be altered to create a fake MAC; this can be done with reasonable probability. The author presents a more secure, and more complicated, alternative. Previous Table of Contents Next Products | Contact Us | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles....
View Full Document
- Fall '10