[cryptography] "stream MAC" - does anything like it exist?

Chris Palmer chris at noncombatant.org
Sun Sep 12 21:15:13 EDT 2010

James A. Donald writes:

> What he wants is the that probability is cumulative - that each short 
> field not only validates the latest packet, but strengthens the 
> probability that all previous accepted packets were correct.

Schneier and Kelsey described a potentially-similar-enough technique:


In their case, they were verifying the integrity of a sequence of log
entries instead of media frames. But maybe that is close enough to Travis'
problem to be of use.

I agree with Bellovin that truncating the MAC is of little benefit except in
bandwidth-constrained applications --- truncating the MAC decreases its
protective power. There may be situations in which it's a fine trade-off, of

This survey paper has more references:



More information about the cryptography mailing list