Score:0

Has reducing MAC size and increasing message size the same effect on security?

ph flag

I am evaluating ways to reduce the overhead of (H)MACs on small messages. I was primarily wondering if there is a difference between halving the MAC length or keeping the same MAC length but using it to authenticate a message of twice the size.

My initial thought was that the message/MAC ration would be the same though then it occured to me that this is probably not the complete picture as each individual package would be simpler to attack. Therefore I would probably have to discard both packages if one if them fail an integrity check.

Is my last conclusion correct for them to behave identically or am I missing something?

SAI Peregrinus avatar
si flag
MAC security is independent of message size.
kelalaka avatar
in flag
You should be careful about truncating the MAC output, You may give huge advantage to the attacker. Still your question is not clear or wide to answer!
Septatrix avatar
ph flag
@kelalaka I was more thinking about shrinking the output by using a different Algo (e.g. SHA-512 → SHA-256) though I think SAI Peregrinus already cleared up my misunderstanding
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.