W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > January 2013


From: Justin Troutman <justin.troutman@gmail.com>
Date: Sun, 27 Jan 2013 10:39:50 -0500
Message-ID: <CANXPy3f3Gc+OphLSkwWgQ1VZY_PbXowwwuVO8o9k5NXe7QJEDQ@mail.gmail.com>
To: public-webcrypto-comments@w3.org
Good morning,

Pardon me if I've sent this through before.

Is there any reason CMAC isn't defined in the specifications? CMAC will
allow you to recycle the block cipher you're already using (AES), which
reduces the number of primitives necessary to encrypt and authenticate; in
turn, this adds a bit of cleanliness to the code, which should be a primary
focus of any attempt at real-world cryptographic design. Security-wise,
HMAC and CMAC are both SUF-CMA, so I'm not concerned about that; it just
seems logical to give your block cipher the opportunity to authenticate too.


Received on Sunday, 27 January 2013 15:47:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:12:49 UTC