SHA-based encryption function in Python
Bryan Olson
fakeaddress at nowhere.org
Wed Apr 24 23:50:59 EDT 2002
Paul Rubin wrote:
> Note that there's a trivial O(2**64) attack on my authentication since
> I'm truncating the MAC to 8 bytes. So if a security difference
> between HMAC and what I'm doing needs more than O(2**64) work to
> exploit, it's not really useful to an attacker. Is that a reasonable
> way to think of this?
I don't think it's reasonable, no. The 2**64 attack is to try sending
messages until the defender accepts one. It cannot be done off-line
because the attacker cannot tell when he has the right MAC. It's not
comparable to a 2**64 off-line work factor.
--Bryan
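The distinction drawn in the reply above, as an added Python example that is not part of the original post or of either poster's code: a candidate tag can only be tested by submitting it to the key holder, so every wrong guess is counted and can be capped. HMAC-SHA1 stands in for the SHA-based MAC discussed in the thread, and `Verifier`, `max_failures` and `forgery_bound` are hypothetical names; the bound assumes the MAC output is indistinguishable from random without the key.

```python
import hashlib
import hmac

TAG_LEN = 8  # bytes; the truncation length discussed in the thread


def make_tag(key: bytes, msg: bytes, tag_len: int = TAG_LEN) -> bytes:
    """Truncated MAC. HMAC-SHA1 is a stand-in, not the scheme from the thread."""
    return hmac.new(key, msg, hashlib.sha1).digest()[:tag_len]


class Verifier:
    """Holds the key; the only way to test a candidate tag is to call accept()."""

    def __init__(self, key: bytes, max_failures: int = 5, tag_len: int = TAG_LEN):
        self._key = key
        self.tag_len = tag_len
        self.max_failures = max_failures  # hypothetical policy knob
        self.failures = 0

    def accept(self, msg: bytes, tag: bytes) -> bool:
        if self.failures >= self.max_failures:
            return False  # locked: no further guesses are evaluated
        # Constant-time comparison so timing does not leak partial matches.
        ok = hmac.compare_digest(make_tag(self._key, msg, self.tag_len), tag)
        if not ok:
            self.failures += 1  # every wrong guess is visible to the defender
        return ok

    def forgery_bound(self) -> float:
        """Upper bound on blind guessing succeeding before lockout (q / 2**bits)."""
        return self.max_failures / 2 ** (8 * self.tag_len)


if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample value
    msg = b"transfer 10 to alice"      # constructed sample message
    v = Verifier(key)
    good = make_tag(key, msg)
    print("genuine tag accepted:", v.accept(msg, good))
    bad = bytes([good[0] ^ 1]) + good[1:]  # guaranteed-wrong tag
    for _ in range(v.max_failures):
        v.accept(msg, bad)
    print("failures seen:", v.failures, "bound:", v.forgery_bound())
```

The lockout here also rejects genuine messages once the cap is reached, so a real deployment has to weigh that against availability.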