
Question

I'm having difficulties finding clear answers to some questions about the construction of HMACs:

Assuming we have one key for encryption and one key for message integrity checks, and we are using AES in counter mode. As far as I understand, when creating the HMAC for a message, one should utilize all available information: The encrypted message, the key, the nonce and the counter.

1. In effect, does this mean that a separate HMAC must be created for every single message, i.e. all 16 bytes?
2. If this is true, how would the security of a scheme be evaluated in which the HMAC would be calculated over arbitrary multiples of 16 bytes, for example only every 160 bytes?
3. And at last, going even further, what would be the weaknesses of using merely the encrypted message (and the key, for sure) for the HMAC calculation, thus leaving out the initialization vector?

Maybe someone can shed some light on this, I have seen people doing exactly this (for example one HMAC (no counter, no nonce) for a whole file), but I'm unsure about the correctness.

Thanks in advance!

Explanation / Answer

In effect, does this mean that a separate HMAC must be created for every single message, i.e. all 16 bytes?

No, you can use HMAC over the whole message with all its blocks.

Of course, that means you can't localize corruption/tampering, so if you were sending a huge message you might want to HMAC smaller parts (but longer than 16 bytes or you are transmitting more hash than message), so that you can retransmit only the incorrect part.

And at last, going even further, what would be the weaknesses of using merely the encrypted message (and the key, for sure) for the HMAC calculation, thus leaving out the initialization vector?

If you received a message $n \,\|\, E_{k,n}(m) \,\|\, H_k(E_{k,n}(m))$, you would only be able to authenticate the ciphertext. If an attacker had tampered with the nonce $n$, AES CTR would happily decrypt your message but give you random data.
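The difference described in the answer, as an added example that is not part of the original question or answer: one HMAC tag over the whole message, computed either over the ciphertext alone or over nonce plus ciphertext, with one nonce bit altered in transit. Assumptions: an HMAC-SHA256 keystream stands in for AES-CTR so the block runs with the standard library only, and the names `seal`, `unseal` and `demo` are hypothetical.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32  # fixed sizes keep nonce || ciphertext unambiguous

def ctr_xor(enc_key, nonce, data):
    """CTR-style keystream; HMAC-SHA256 stands in for AES (stdlib only)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hmac.new(enc_key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def mac_input(nonce, ct, cover_nonce):
    return nonce + ct if cover_nonce else ct

def seal(enc_key, mac_key, msg, cover_nonce=True):
    """Encrypt-then-MAC: one tag over the whole message, not one per block."""
    nonce = os.urandom(NONCE_LEN)
    ct = ctr_xor(enc_key, nonce, msg)
    tag = hmac.new(mac_key, mac_input(nonce, ct, cover_nonce), hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(enc_key, mac_key, packet, cover_nonce=True):
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, mac_input(nonce, ct, cover_nonce), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return ctr_xor(enc_key, nonce, ct)  # decrypt only after the tag verifies

def demo():
    """Alter one nonce bit in transit and report what the receiver sees."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    msg = b"constructed sample message " * 4
    outcome = {}
    for cover_nonce in (False, True):
        packet = seal(enc_key, mac_key, msg, cover_nonce)
        altered = bytes([packet[0] ^ 1]) + packet[1:]
        try:
            plain = unseal(enc_key, mac_key, altered, cover_nonce)
            outcome[cover_nonce] = "accepted, plaintext intact" if plain == msg else "accepted, plaintext garbled"
        except ValueError:
            outcome[cover_nonce] = "rejected"
    return outcome

if __name__ == "__main__":
    print(demo())
```

With the tag over the ciphertext alone, the altered packet verifies and decrypts to garbage; with the nonce included in the MAC input, the receiver rejects it before decrypting.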
