If an attacker had a padded message and its corresponding CBC-MAC tag, how would they construct another message which produces the same tag for the same key as the original? The padding scheme used in this scenario is to add 0's to the end of the message until is it a full block.
What about when the attacker has an non-padded message? How would they accomplish a similar attack and what conditions are needed for the message for the attack?
