Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
Helger Lipmaa writes:
> (compare invertible block ciphers - DES, IDEA, Rijndael - with
> non-invertible MACs - UMAC).

Apples and oranges. Data encryption needs a large amount of
unpredictable output. MACs produce only a small amount of output.

Note also that the UMAC advertisements are (1) at a trivially breakable
security level and (2) for absurdly long packets. At a serious security
level, for common packet sizes, UMAC simply uses HMAC-MD5. The MAC
described in http://cr.yp.to/papers/hash127.ps is simpler and faster.

Anyway, I agree that cipher invertibility is unnecessary for encryption,
and is a distraction from the crucial property of unpredictability.
---Dan
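
The point about invertibility, as an added example that is not part of the original message: a keystream built by running a non-invertible keyed function in counter mode encrypts and decrypts with the same forward-only operation. The choice of HMAC-SHA256, the nonce layout, and the names `keystream`, `xor_stream` and `demo` are assumptions made for this illustration, not a construction proposed in the thread.

```python
import hashlib
import hmac

BLOCK = hashlib.sha256().digest_size  # 32 bytes of keystream per call


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, which has no inverse."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; both directions only evaluate the function forward.

    Confidentiality rests on the keystream being unpredictable without the
    key. This gives no integrity: a separate MAC over the ciphertext is
    still required, and a (key, nonce) pair must never be reused.
    """
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def demo():
    key = bytes(range(32))           # constructed sample key
    nonce = b"\x00" * 8 + b"pkt1"    # constructed sample per-packet nonce
    packet = b"constructed sample packet payload, longer than one block"
    ciphertext = xor_stream(key, nonce, packet)
    recovered = xor_stream(key, nonce, ciphertext)
    return packet, ciphertext, recovered


if __name__ == "__main__":
    packet, ciphertext, recovered = demo()
    print(ciphertext.hex())
    print(recovered == packet)
```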