(or message authentication code), a short piece of information used to authenticate a message, and the algorithm to create and check such information, using a secret key.
Questions tagged [mac]
580 questions
19
votes
3 answers
UMAC: to what extent is it in use today?
Inspired slightly by the Encrypt-then-MAC question. The most obvious message authentication code is probably HMAC or RFC 2104 which is basically a hash of the input, an xor with a key... you get the idea.
However, I've also discovered UMAC which…
user46
17
votes
2 answers
Why is h(m||k) insecure?
Here is the post that explains the failure for doing h(k||m) and I understand it.
But I don't understand how h(m||k) is subjected to collison attack, or birthday attack. Please explain?
CppLearner
- 333
- 3
- 8
11
votes
9 answers
Physical analogue for MACs
What would be a good analogue with which to describe Message Authentication Codes to a person who has little to no understanding of cryptography?
For instance, a vault is a reasonable analogue for symmetric authenticated encryption: anyone with the…
Stephen Touset
- 11,002
- 1
- 38
- 53
6
votes
1 answer
Are there any non Canonical Verifiable Cryptographic MACs
In the 2. edition of the Modern Introduction to Cryptography, by Katz and Lindell, there is a definition for MACs;
Canonical verification. For deterministic message authentication codes
(that is, where $\text{Mac}$ is a deterministic algorithm),…
kelalaka
- 48,443
- 11
- 116
- 196
5
votes
1 answer
ISO 9797-1 MAC Algorithm 3 and Doc 9303-11
I am trying to write a python script to access the IC in an eMRTD as per ICAO Doc 9303. Everything is going swimmingly until I come to the part where I need to calculate a MAC using ISO 9797-1 Algorithm 3 (padding mode 2).
In Appendix D-3, the MAC…
jjajangmyeon52
- 53
- 1
- 3
4
votes
1 answer
Is following MAC schemes formed by MAC schemes secure?
Given two MAC schemes $\prod_1 = (keyGen_1, S_1, V_1)$ and $\prod_2=(keyGen_2, S_2, V_2)$.
$\prod_3$ runs $keyGen$ from $\prod_1$ and $\prod_2$, respectively, to obtain $(k_1, k_2)$. $\prod_3$, where $S_3 = ((k_1,k_2), (m_1,m_2))$ then runs…
Bango
- 41
- 2
4
votes
1 answer
How could I make a MAC two time secure?
Let us assume that a MAC is calculated as $t = a m + b$ with $a,b,m \in \mathbb{Z}_p$, $p$ prime. $a$ and $b$ denote the private generation keys, $m$ refers to the message.
This MAC is then one time secure, but not two time secure. One time secure…
mafu
- 143
- 6
3
votes
2 answers
Setting MAC field to all-zero to indicate unencrypted data
I'm currently working on a project where we transmit data between two systems. The data is generally encrypted before transmission, however there are certain transmissions that are unencrypted.
We use the following data format for…
david
- 33
- 2
3
votes
2 answers
Is MAC better than digital signature?
MACs differ from digital signatures in the sense that MAC values are both generated and verified using a shares secret key. Does this in any way put MAC on a disadvantage as compared to digital signatures? How is one of them better than the other?
Vahni
- 133
- 1
- 3
3
votes
1 answer
How can I validate my implementation of Ansi 9.19?
I implemented an Ansi 9.19 mac generator in java, but now I don't know how to validate its functionality. I couldn't find any sample of a {plain text,key,mac} on the internet, and I want to know if there is a good way to test my implementation.
Saeed
- 133
- 4
2
votes
0 answers
Is a car odometer reading protected by MAC?
I knew the reading on a car odometer can be easily modified with the help of some softwares. But isn't there MAC to protect the reading from being modified?
2
votes
1 answer
When extending the domain of a fixed-length MAC, why do we have to include the message length in each block?
In Katz's text (2nd edition), it states in 4.3.2:
The truncation attack can be thwarted by additionally authenticating
the message length along with each block. (Authenticating the message
length as a separate block does not work. Do you see…
user308485
- 203
- 1
- 3
2
votes
1 answer
Secure MAC implies that probability of same tags on different messages is negligible
So let any secure MAC (message authentication code) be given.
Intuitively, I think it is clear that the probability of getting the same tag on two different messages is very small, i.e. negligible. I want to prove this statement mathematically.
How…
Dorothy
- 21
- 1
2
votes
1 answer
Secure and deterministic MACs which are not strongly secure?
One of the practice problems I was given for an exam that I'm preparing for is as follows:
Let $\Pi$ be a secure, deterministic MAC that uses canonical
verification. Show how to construct a MAC $\Pi'$ that is secure and
deterministic but is not…
Charles
- 121
- 3
2
votes
1 answer
Is using a rolling code as a constantly-changing shared secret effective for signing?
I am your average developer looking for some crypto-related guidance.
I am trying to have assurance that a received message is from a particular sender, but have no need for the message content to be encrypted. The sender and receiver are allowed a…
mbaynton
- 123
- 3