[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: risks of MACs associated with packets



<dee@skidrow.tay.dec.com> wrote:

> That's far from clear to me.  If both the plaintext and the checksum are
> encrypted, you can probably use a much weaker algorithm than a cryptographic
> hash function, I'd think.  Or am I missing some attacks?

If the check is a CRC, the patterns which can be XORed into a valid message
to produce a valid message are easily derivable.  If using a stream cipher,
you can XOR a known pattern into the (unknown) plaintext easily.

It can even be done to some degree with CBC and CFB chaining.
(You can do a controlled XOR for one cipher block.)

It can be done, but you need to be careful.
-- 
	-Colin