Hello, Pzz, you wrote:

> In this case, is using a MAC for each message superfluous? Why is the integrity of the message not simply controlled by means of simpler primitives (MIC, the digest proof )? What for __ the message separately? What can an attack look like if a MIC is used instead of a MAC for each message?

Pzz> A MAC normally turns out to be an almost free supplement to enciphering a packet with a block cipher in any reasonable mode. And if block chaining of any type is used, enciphering the last unit, filled with any padding, gives the MAC. I.e., in comparison with the block cipher, the overhead is the enciphering of one superfluous unit.

Pzz> Proof too suits

With what will the protocol be replenished if instead of a MAC (which in essence is a one-way conversion from a key and the crude text) it will be used (being a one-way conversion from the crude text without any additional keys)? Or in other words: what unique useful function does a key used in the MAC carry, provided that this MAC is located in the ciphered part of the message, it is produced by the reliable cipher and encrypting keys already in advance . It seems that in such conditions an additional key for the MAC does not introduce any . (I imply that the key by which the body of the message is ciphered and the key used for the MAC are different keys.)

Pzz> Anything at all can be called by the word MIC, therefore the further reasoning depends on how this term is deciphered.

Pzz> In early versions of WiFi, CRC32 was used as the MIC. As it is linear, it is possible to change packet contents without knowing the encrypting key, and to correct the MIC in the appropriate way so that the packet will look "complete". And it opens ample opportunities if one can guess (for example, from the size of a packet) in what place in it it is necessary to achieve interesting results (for example, to replace $100 with $999).

By MIC was meant 'message integrity code'; CRC32 basically is one, but adjusted for instead of CRC32 it is better to consider .
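
The CRC32 linearity Pzz describes, as an added example that is not part of the original thread: the same keyless ciphertext edit is accepted when the encrypted integrity field is a CRC32 and rejected when it is a keyed MAC. Assumptions: a random keystream stands in for the packet cipher, HMAC-SHA256 is the keyed MAC chosen here, the function names are hypothetical and the sample message is constructed.

```python
import hashlib
import hmac
import os
import zlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data):
    """Unkeyed MIC: CRC32 as 4 bytes."""
    return zlib.crc32(data).to_bytes(4, "little")

def seal(msg, keystream, mic):
    """Append the integrity field, then encrypt message and field together."""
    return xor(msg + mic(msg), keystream)

def open_packet(packet, keystream, mic, mic_len):
    """Decrypt and return the message, or None if the integrity field is wrong."""
    plain = xor(packet, keystream)
    msg, tag = plain[:-mic_len], plain[-mic_len:]
    return msg if hmac.compare_digest(tag, mic(msg)) else None

def edit_without_keys(packet, delta, mic_len):
    """XOR a chosen difference into the ciphertext and patch the integrity field
    using only the CRC32 identity crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00..0)."""
    patch = xor(crc(delta), crc(bytes(len(delta)))).ljust(mic_len, b"\0")
    return xor(packet, delta + patch)

def demo():
    msg = b"PAY $100 TO BOB"                 # constructed sample packet body
    delta = xor(msg, b"PAY $999 TO BOB")     # non-zero only where "100" sits
    keystream = os.urandom(64)               # stand-in for the cipher keystream
    mac_key = os.urandom(32)                 # separate key, used only by the MAC

    def keyed(m):
        return hmac.new(mac_key, m, hashlib.sha256).digest()

    with_crc = open_packet(edit_without_keys(seal(msg, keystream, crc), delta, 4),
                           keystream, crc, 4)
    with_mac = open_packet(edit_without_keys(seal(msg, keystream, keyed), delta, 32),
                           keystream, keyed, 32)
    return with_crc, with_mac

if __name__ == "__main__":
    print(demo())
```
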