2004-08-16 07:02:33 UTC
I designed a simple Message Authentication Code from the RC4 Stream
Cipher. I'd like to know if (even if the proceeding is
straightforward) the MAC can be considered as reasonably secure.
MAC creation is as follows:
- Assume a private shared key
- Assume we have a plaintext that is a multiple of 1024 bytes (yes, that
- Create the ciphertext from the plaintext using RC4.
- Divide the ciphertext in 1024 byte blocks and XOR these
- Finally, you obtain a 1024 byte block "MAC"
... for me that sounds OK (as long as RC4 is OK), please tell me if
you think otherwise. If I get that right, you could create virtually
any size of MAC with that, can you?
[ Editor's note: Alas, the scheme you describe is not secure.
An attacker can replace the message transmitted with any other
message whose blocks XOR to the same thing, and the change will
go undetected by the recipient -- a security failure. Stick to
SHA1-HMAC, AES-OMAC, or some other standard MAC. --DW ]
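
The failure described in the editor's note, as an added example that is not part of the original post or the editor's reply: because RC4 only XORs a keystream into the plaintext, the folded tag equals (XOR of plaintext blocks) XOR (XOR of keystream blocks), so any same-length message whose blocks XOR to the same value verifies. The key and messages are constructed sample values; `xor_fold_mac` and `hmac_tag` are names chosen here.

```python
import hashlib
import hmac

BLOCK = 1024  # block size used in the post

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_fold_mac(key: bytes, msg: bytes) -> bytes:
    """The post's scheme: RC4-encrypt, then XOR all ciphertext blocks together."""
    if not msg or len(msg) % BLOCK:
        raise ValueError("message must be a non-empty multiple of BLOCK bytes")
    ct = rc4(key, msg)
    tag = bytearray(BLOCK)
    for off in range(0, len(ct), BLOCK):
        for k in range(BLOCK):
            tag[k] ^= ct[off + k]
    return bytes(tag)

def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """SHA1-HMAC, one of the standard MACs the editor's note recommends."""
    return hmac.new(key, msg, hashlib.sha1).digest()

# Constructed sample inputs (not from the post).
KEY = b"constructed-shared-key"
ORIGINAL = b"A" * BLOCK + b"B" * BLOCK + b"C" * BLOCK
REORDERED = b"C" * BLOCK + b"A" * BLOCK + b"B" * BLOCK  # same blocks, new order
ALTERED = b"a" * BLOCK + b"b" * BLOCK + b"C" * BLOCK    # 0x20 flipped in two blocks

if __name__ == "__main__":
    for name, m in (("reordered", REORDERED), ("altered", ALTERED)):
        print(name, "xor-fold tag unchanged:",
              xor_fold_mac(KEY, m) == xor_fold_mac(KEY, ORIGINAL))
        print(name, "HMAC tag unchanged:", hmac_tag(KEY, m) == hmac_tag(KEY, ORIGINAL))
```

Both modified messages keep the XOR-fold tag and change the HMAC tag, so a recipient checking the folded tag accepts them while one checking the HMAC rejects them.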