[cryptography] Key Checksums (BATON, et al)

Ethan Heilman eth3rs at gmail.com
Thu Mar 28 10:16:51 EDT 2013


Peter,

Do I understand you correctly. The checksum is calculated using a key or
the checksum algorithm is secret so that they can't generate checksums for
new keys?  Are they using a one-way function? Do you have any documentation
about this?

Thanks,
Ethan


On Wed, Mar 27, 2013 at 11:50 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz>wrote:

> Jeffrey Walton <noloader at gmail.com> writes:
>
> >What is the reason for checksumming symmetric keys in ciphers like BATON?
> >
> >Are symmetric keys distributed with the checksum acting as a
> authentication
> >tag? Are symmetric keys pre-tested for resilience against, for example,
> >chosen ciphertext and related key attacks?
>
> For Type I ciphers the checksumming goes beyond the simple DES-style error
> control, it's also to ensure that if someone captures the equipment they
> can't
> load their own, arbitrary keys into it.
>
> Peter.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130328/8be640bf/attachment.html>


More information about the cryptography mailing list