We introduce the notion of key stretching, a mechanism to convert short s-bit keys into longer keys, such that the complexity required to brute-force search a s + t-bit keyspace is...
John Kelsey, Bruce Schneier, Chris Hall, David Wag...
This paper gives a survey of attacks on Message Authentication Codes (MACs). First it defines the required security properties. Next it describes generic forgery and key recovery...