L02_HashMDMAC

G eg for a hash function with 64 bit output m264 it

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ind a collision, e.g. e.g. For, a hash function with 64-bit output, m=264 => it only takes about √ m = 232 tries to find a pair of inputs which will produce the same hash output, i.e. a collision which Forgery Has the same Hash Birthday Attack on Message Digest K E Compare ? Using CBC-residue as Message Authentication Code Birthday Attacks Birthday attack can proceed as follows: opponent generates 232 variations of a valid message, all with essentially the same meaning ; this is “doable” given current technology. current opponent also generates 232 variations of a desired fraudulent message fraudulent two sets of messages are compared to find a pair with two same hash output (by argument similar to the Birthday paradox, this probability > 0.5) paradox, have user sign the valid message, but sent the forgery have message which will have a valid message digest message Conclusion is that we need to use longer MACs Conclusion longer 32 BTW, how can we generate 2 variations of a letter carrying the sa...
View Full Document

This note was uploaded on 12/05/2013 for the course IERG 4130 taught by Professor Chowsze-ming,sherman during the Fall '13 term at CUHK.

Ask a homework question - tutors are online