CMAC. from Justin Troutman on 2013-01-27 (public-webcrypto-comments@w3.org from January 2013)

From: Justin Troutman <justin.troutman@gmail.com>
Date: Sun, 27 Jan 2013 10:39:50 -0500
To: public-webcrypto-comments@w3.org
Message-ID: <CANXPy3f3Gc+OphLSkwWgQ1VZY_PbXowwwuVO8o9k5NXe7QJEDQ@mail.gmail.com>

Good morning,

Pardon me if I've sent this through before.

Is there any reason CMAC isn't defined in the specifications? CMAC will
allow you to recycle the block cipher you're already using (AES), which
reduces the number of primitives necessary to encrypt and authenticate; in
turn, this adds a bit of cleanliness to the code, which should be a primary
focus of any attempt at real-world cryptographic design. Security-wise,
HMAC and CMAC are both SUF-CMA, so I'm not concerned about that; it just
seems logical to give your block cipher the opportunity to authenticate too.

Cheers,

Justin

Received on Sunday, 27 January 2013 15:47:28 UTC