Cryptography What are the proper MAC sizes? |
What are the proper MAC sizes? Posted: 28 Apr 2019 03:24 AM PDT Common hash sizes are typically 256 bits or 512 bits. 256 bits are enough for preimage resistance, and 512 bits are enough to prevent collisions. (Both means 256 bits of security.) Message Authentication Codes however are sometimes even smaller. Poly1305 for instance only has a 128-bit output. My question is, could this be generalised, and why? Could we safely truncate the output of HMAC-SHA512 or use Blake2b/128? Or is there a reason why only polynomial hashes can get away with so few bits? (I do have an idea why 128 may be enough, but I'm not sure it's correct: if the attacker doesn't know the authentication key, there's no way to brute force the MAC, they have to guess it and have the victim authenticate it. Presumably the number of tries is much more limited than if one could perform an offline attack, so we can have fewer bits of security. Is that right?) [link] [comments] |
Posted: 28 Apr 2019 08:54 AM PDT Hi Cryptobros. I have a couple of conceptions that I was hoping you could help with. I've googled and YouTube for hours without finding much consistency. Can you confirm my impression: 1) the private key for ECC based crypto is a random number not necessarily prime. 2) although the pub key is G * priv, can one think of the private key as the number of "hops" from G to the Public key point? Thanks John [link] [comments] |
Can you cross borders with FDE disks safely? Posted: 27 Apr 2019 12:25 PM PDT If you were to cross a border with FDE HDD with the entire blockchain and bitcoin on it, would anyone ask for decryption? If they force you would you be a good cuck or refuse? [link] [comments] |
You are subscribed to email updates from Cryptography news and discussions. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
No comments:
Post a Comment