Tag: mac

308 Should we MAC-then-encrypt or encrypt-then-MAC? 2011-07-19T21:39:56.770

136 What are the differences between a digital signature, a MAC and a hash? 2012-12-10T12:16:02.220

45 Why is $H(k\mathbin\Vert x)$ not a secure MAC construction? 2011-10-26T20:58:58.450

28 Purpose of outer key in HMAC 2012-07-26T18:31:00.110

28 Why is plain-hash-then-encrypt not a secure MAC? 2014-05-28T03:23:43.570

27 What is the difference between MAC and HMAC? 2013-02-28T20:55:32.610

26 HMAC vs MAC functions 2012-06-16T13:39:34.510

22 Is H(k||length||x) a secure MAC construction? 2011-11-14T18:49:35.993

19 Why is SHA-3 robust against Length-Extension Attacks? 2018-09-25T19:04:38.750

18 Attacks of the MAC construction $\mathcal{H}(m\mathbin\|k)$ for common hashes $\mathcal{H}$? 2012-05-23T11:32:26.000

18 Why is Poly1305 popular given its 'sudden death' properties? 2014-11-16T07:05:20.970

17 Definition of "pepper" in hash functions 2014-12-01T20:23:43.407

17 Ciphertext and tag size and IV transmission with AES in GCM mode 2015-07-07T20:41:02.443

16 Why is it insecure to use a randomized IV for CBC-MAC instead of an all-zero IV? 2011-10-22T19:46:13.643

16 What is the purpose of four different secrets shared by client and server in SSL/TLS? 2011-11-07T13:59:00.303

16 Can I use HMAC-SHA1 in counter mode to make a stream cipher? 2014-01-09T12:49:08.283

15 UMAC: to what extent is it in use today? 2011-07-25T20:43:17.127

15 Is the encryption of a hash a good MAC? 2012-07-13T10:21:34.193

15 Cryptographically secure keyed rolling hash function 2014-05-08T23:37:58.907

15 Is HMAC needed for a SHA-3 based MAC? 2014-06-17T10:35:11.307

14 In which situations is a length-extension attack a problem? 2012-04-26T10:50:21.473

14 Why is h(m||k) insecure? 2012-12-17T04:53:22.740

14 Use cases for CMAC vs. HMAC? 2014-04-22T14:16:19.277

13 GCM vs CTR+HMAC tradeoffs 2014-03-01T03:26:55.997

12 How is HMAC(message,key) more secure than Hash(key1+message+key2) 2014-03-20T18:40:29.030

12 Why do we encrypt-then mac but sign-then-encrypt? 2014-04-09T09:17:23.923

12 Can any MAC be used as a KDF? 2016-06-22T13:04:48.820

11 Physical analogue for MACs 2013-07-09T01:27:48.310

11 Does there exist a proof-of-retrievability scheme that is publicly-verifiable, limited-use, and does not use homomorphic encryption? 2014-01-05T00:21:07.480

11 Can Skein be used as a secure MAC in format H(k || m)? 2014-04-25T11:13:58.640

11 Why MACs are so important despite digital signatures doing everything a MAC can do and more 2016-07-11T15:51:06.900

11 AES-GCM recommended IV size: Why 12 bytes? 2016-11-17T10:25:35.580

10 What is the advantage of digital signatures over message authentication codes? 2016-01-08T16:11:32.383

10 Why would Carter-Wegman-style message authentication not be broken by P = NP? 2016-07-13T17:20:44.973

9 Why are MACs in general deterministic, whereas digital signature constructions are randomized? 2012-05-29T15:54:54.440

9 Why have hashes when you have MACs? 2013-08-23T18:25:37.390

9 How would you encrypt-then-MAC when using pen-and-paper and a Caesar cipher? 2013-11-01T04:05:27.600

9 For a one-time pad, which MAC method is information-theoretically secure? 2014-04-04T13:24:57.650

9 Does data authenticity always, implicitly, provide data integrity? 2014-05-27T12:20:55.543

9 The difference between MAC algorithms and what to use 2015-04-20T08:04:07.423

8 Has GMAC mode a future outside GCM? 2013-06-16T14:05:56.710

8 How does NaCL Poly1305 implementation do modular multiplication? 2013-07-14T20:29:27.310

8 Why don't we use MACs to store passwords? 2013-11-10T09:18:48.120

8 Is the HMAC construction really neccessary for a fixed length message? 2015-05-17T09:32:22.613

8 Side channel security of HMAC in software 2016-01-30T11:15:15.677

8 Can I use a HMAC for Replay Attack protection? 2016-08-27T10:54:44.790

8 Is a secure deterministic MAC always a PRF? 2017-04-05T12:27:25.617

8 Is Poly1305 an information-theoretically secure MAC? 2017-06-17T21:34:27.020

7 Can Poly1305 be used with block ciphers running in CTR mode? 2013-06-12T17:44:49.093

7 Why is H(message||secret_key) not vulnerable to length-extension attack? 2013-06-14T13:07:06.843

7 Practical uses of Manipulation Detection Code (MDC) and IGE 2013-07-23T19:47:00.617

7 How is digital signature different from a message authentication code (MAC)? 2013-11-01T01:02:32.453

7 Block-cipher based vs Hash based MAC 2014-08-15T09:07:13.260

7 Regular MACs vs Carter-Wegman MAC 2014-08-20T10:35:17.170

7 Where is CFB-MAC defined? 2015-08-29T08:17:22.600

7 HMAC - What does "in transit" mean 2016-12-10T13:30:51.383

7 Is Encrypt(m||k2, k1) secure authenticated encryption? 2017-07-24T19:02:46.837

7 Should the identity of a sender be verified using additional means, or does a MAC suffice? 2017-12-07T06:28:30.447

6 Encrypt-then-MAC Confidentiality, Integrity and Authenticity 2011-10-10T06:35:43.250

6 What are the consequences of a MAC tag collision? 2011-11-19T17:48:08.287

6 Why is a MAC needed with CBC? 2012-07-20T20:56:55.840

6 ChaCha cipher + Poly1305 2013-03-06T23:02:16.850

6 CBC-MAC , fixed length, all blocks returned 2013-05-03T10:16:16.513

6 Using GMAC for Authentication without encrypting the message 2014-07-16T13:50:10.497

6 Secure way to derive separate encryption and MAC keys from a single master key? 2014-10-23T08:38:32.833

6 Parallel authentication of encrypted data. What AE type to choose? 2015-07-03T22:26:16.107

6 Do Carter–Wegman MACs allow key reuse if the MAC tag is kept secret? 2016-01-27T06:53:45.327

6 MAC where key is provided afterwards 2016-12-05T21:44:39.813

6 MAC security using encryption 2017-01-27T14:36:14.633

6 Better truncate a CMAC from MSB or LSB 2017-04-12T10:43:22.633

5 Cost of attacking Mobile OTP with a fake server 2012-03-01T19:56:01.413

5 Can I jettison MAC if I already have SHA1(M)? 2012-07-21T14:16:49.997

5 HMAC construction based on the combination of two hash functions 2013-09-13T21:02:06.767

5 What is the definition of "security beyond the birthday paradox"? 2013-10-12T14:58:02.080

5 Proof that MACing a hash of the message is also a secure MAC 2013-10-18T12:27:41.353

5 When is it safe to not use authenticated encryption? 2014-05-07T03:49:52.280

5 Why is MAC using nonce+message+hash(nonce+message+identifier) not the standard? 2014-07-22T20:33:32.293

5 Keys in HMAC and NMAC 2015-07-21T12:12:58.243

5 Fast 128-bit MAC with second preimage resistance? 2015-09-10T11:20:36.307

5 Is reusing keys for CBC and CBC-MAC secure when using encrypt-then-MAC? 2016-02-09T07:49:47.197

5 Prove that the following MAC is insecure 2016-05-04T14:22:38.773

5 Equivalent security of KMAC and different HMAC instances? 2016-08-10T04:25:38.760

5 How could I make a MAC two time secure? 2016-11-19T15:44:58.960

5 Forgery attack for Merkle–Damgård MAC scheme with prefix method 2016-11-28T22:06:18.947

5 Perfect Deniability of a MAC 2017-06-15T23:56:23.413

5 Which MAC to choose? 2017-07-05T14:49:02.137

5 Recommended key lengths for BLAKE2b 2018-03-18T17:38:37.397

5 Proof that MAC and hash composition is insecure 2018-05-13T04:05:30.037

5 Why does the CBC-MAC require PRFs? 2018-11-12T20:39:55.987

4 ANSI X9.9 Cryptography Standards 2011-08-08T11:08:23.360

4 How safe is it to derive MAC key from a hashed password? 2011-12-16T11:29:42.823

4 What type of hash functions provides non-malleability of hash digests? 2012-02-02T15:09:02.087

4 Is SHA1 secure with such many inputs Z that Z = constant secret X + variable public Y? 2012-03-17T12:37:28.870

4 Using a derived key for CMAC 2012-07-05T07:26:24.003

4 Non-cryptographic hash function as MAC for stream ciphers 2013-01-22T17:23:41.050

4 Padding in PMAC 2013-02-04T21:39:13.707

4 How to design a practical and secure MAC scheme? 2013-03-27T10:44:09.977

4 Can i modify data "protected" by a CRC16? 2013-06-01T16:40:40.883

4 What is the function of the secret key “r” in Poly1305? 2013-12-01T23:45:11.917