Hello,

I would like to propose a new class under Chapter
14 (Security and Encryption). The new
class should be known as MAC:: (for Message
Authentication Code).

Message Authentication Code (MAC) is used to
provide authenticity of a stream of data, be it a
file or just a string of characters. Just hashing
the data (using MD5 or SHA-1) would be no good
because an adversary could just recompute a new
hash for the substituted data. With MAC, a secret
key, known only to the two communicating parties,
is appended at the beginning and at the end of the
message, and the resulting message is hashed using
MD5, SHA-1, RIPEMD160, or any one-way hashing
function. At first, it is logical to place MAC
algorithms on the Digest:: class. One well-known
MAC algorithm is HMAC, using either MD5 or SHA-1
as underlying primitives. However, the latest
trend in MAC today is block cipher-based. This
means that the underlying crypto primitive is a
block cipher while providing message
authentication. The standard block cipher-based MAC in
use today is OMAC (One-key CBC MAC). Other MAC
algorithms like this are: RMAC, OCB, PMAC, TMAC,
TTMAC, UMAC, and EMAC.

I would, therefore, strongly suggest that MACs be
categorized as a new class, because MACs no longer
depend on one-way hash functions.

Furthermore, the block cipher-based MACs are also
used as "modes of operations", just like ECB, CBC,
and CFB. The Crypt::CBC module by Lincoln Stein,
for instance, is placed under Crypt:: because it
was exclusively used with block ciphers. Now, with
the addition of these new modes of operations,
which also function as MACs, they cannot be
classified under Crypt:: either.

JCDUQUE
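
The contrast the message above draws between a bare hash and a keyed MAC, as an added example that is not part of the original post. It uses HMAC-SHA-256 from Digest::SHA instead of the MD5 or SHA-1 named in the post; the key, the messages and the helper names (tags_equal, verify_digest, verify_mac) are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: bare digest vs keyed MAC when the data is substituted in transit.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex hmac_sha256_hex);

# Constructed sample values; the key is known only to sender and receiver.
my $key      = 'constructed-shared-secret';
my $original = 'pay 100 to alice';
my $forged   = 'pay 900 to mallory';

# Compare two tags without stopping at the first differing byte.
sub tags_equal {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Receiver-side checks: the digest needs no secret, the MAC needs the shared key.
sub verify_digest { my ($msg, $tag) = @_; return tags_equal(sha256_hex($msg), $tag) }
sub verify_mac    { my ($msg, $tag) = @_; return tags_equal(hmac_sha256_hex($msg, $key), $tag) }

# The sender transmits the message with both kinds of tag.
my %sent = (
    msg    => $original,
    digest => sha256_hex($original),
    mac    => hmac_sha256_hex($original, $key),
);

# The message is replaced in transit. The digest can be recomputed by anyone,
# so it is made to match; the MAC tag cannot be recomputed without the key,
# so the original tag is all that can accompany the substituted data.
my %tampered = (%sent, msg => $forged, digest => sha256_hex($forged));

for my $case ([untouched => \%sent], [tampered => \%tampered]) {
    my ($name, $m) = @$case;
    printf "%-10s digest check: %-5s MAC check: %s\n", $name,
        (verify_digest($m->{msg}, $m->{digest}) ? 'pass' : 'FAIL'),
        (verify_mac($m->{msg}, $m->{mac})       ? 'pass' : 'FAIL');
}
```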