You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
5. Truncated output
A well-known practice with message authentication codes is to
truncate the output of the MAC and output only part of the bits
..... We recommend that
the output length t be not less than half the length of the hash
output (to match the birthday attack bound) and not less than 80 bits
(a suitable lower bound on the number of bits that need to be
predicted by an attacker).
So, is 256 bits necessary under the MAC security game? (where the attacker doesn't know the key, so he needs to attack not not blake3 but all family of blake3_key, so it sounds like some birthday attack between key space and output space) but I'm really not a crypt-analyst :)
The text was updated successfully, but these errors were encountered:
The crate provides https://docs.rs/blake3/latest/blake3/fn.keyed_hash.html as a MAC function, which returns 256 bits.
while:
So, is 256 bits necessary under the MAC security game? (where the attacker doesn't know the key, so he needs to attack not not blake3 but all family of blake3_key, so it sounds like some birthday attack between key space and output space) but I'm really not a crypt-analyst :)
The text was updated successfully, but these errors were encountered: