@BRIAN_____ @marshray @trevp__ @kyhwana @tqbf Once you assume the underlying compression function is a PRF, you assume the rest from there.

@justintroutman @BRIAN_____ @marshray @trevp__ @kyhwana @tqbf don't most HMAC security proofs have to assume underlying comp. fn is a PRF?
@BRIAN_____ @marshray Truncated PRF is a PRF, HMAC is a PRF, PRFs are MACs, e.g. http://link.springer.com/chapter/10.1007%2F978-3-642-01440-6_10 … or http://spark-university.s3.amazonaws.com/stanford-crypto/slides/05-integrity-v2-annotated.pdf …
@BRIAN_____ @marshray @trevp__ @kyhwana @tqbf I think you'll enjoy reading this paper by Rogaway: http://web.cs.ucdavis.edu/~rogaway/papers/modes.pdf …
@BRIAN_____ @marshray @trevp__ @kyhwana @tqbf The idea there is that you can't identify internal collisions in the output anymore.
@BRIAN_____ @marshray @trevp__ @kyhwana @tqbf Although there's no proof, truncation may actually improve security against birthday attacks.
@BRIAN_____ @marshray @trevp__ @kyhwana @tqbf AFAIK, there's no proof for AEAD modes like there is for HMAC.
@BRIAN_____ @trevp__ @kyhwana @tqbf That RFC cites a paper that looks like it might contain a proof, but I didn't find the text online.