[cryptography] Key Checksums (BATON, et al)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Mar 27 23:50:44 EDT 2013

Jeffrey Walton <noloader at gmail.com> writes:

>What is the reason for checksumming symmetric keys in ciphers like BATON?
>Are symmetric keys distributed with the checksum acting as an authentication
>tag? Are symmetric keys pre-tested for resilience against, for example,
>chosen ciphertext and related key attacks?

For Type I ciphers the checksumming goes beyond the simple DES-style error
control; it's also to ensure that if someone captures the equipment they can't
load their own, arbitrary keys into it.
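
The distinction drawn in the reply above, as an added example that is not part of the original post and is not BATON's checksum, which the post does not describe: DES odd parity is a public rule that anyone can satisfy for any key, whereas a keyed tag lets a device refuse keys that did not come from the issuer. The HMAC-SHA256 construction, the names `wrap_key` and `load_key`, the tag length and the sample secret are assumptions for illustration, and the sketch assumes the verification secret cannot be read out of the device.

```python
import hashlib
import hmac

TAG_LEN = 8  # constructed tag length for this sketch


def set_des_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so the byte has odd parity (public rule)."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        out.append(high7 | (1 if bin(high7).count("1") % 2 == 0 else 0))
    return bytes(out)


def des_parity_ok(key: bytes) -> bool:
    """DES-style error control: 8 bytes, each with an odd number of 1 bits."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)


def wrap_key(issuer_secret: bytes, key: bytes) -> bytes:
    """Key issuer side: append a truncated HMAC-SHA256 tag to the key."""
    return key + hmac.new(issuer_secret, key, hashlib.sha256).digest()[:TAG_LEN]


def load_key(device_secret: bytes, blob: bytes):
    """Device side: return the key only if its tag verifies, else None."""
    if len(blob) <= TAG_LEN:
        return None
    key, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(device_secret, key, hashlib.sha256).digest()[:TAG_LEN]
    return key if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    secret = b"constructed-device-secret"           # constructed sample value
    arbitrary = set_des_parity(bytes(range(8)))     # key chosen by anyone
    print("parity accepts arbitrary key:", des_parity_ok(arbitrary))
    print("keyed check, issuer tag:", load_key(secret, wrap_key(secret, arbitrary)))
    print("keyed check, guessed tag:", load_key(secret, arbitrary + bytes(TAG_LEN)))
```

Both checks catch a corrupted key, but only the keyed one rejects a well-formed key supplied without the issuer's secret.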


