Hashing with CBC-MAC

Sometimes people try to use CBC-MAC as a hash function.

This is a bad idea. Matt Green explains:

To make a long story short: cryptographic hash functions are public functions (i.e., no secret key) that have the property of collision-resistance (it's hard to find two messages with the same hash). MACs are keyed functions that (typically) provide message unforgeability -- a very different property. Moreover, they guarantee this only when the key is secret.

Let's try a simple exercise.

Hash functions are often used for code verification. This snippet of JavaScript (with newline):

alert('MZA who was that?');

Hashes to 296b8d7cb78a243dda4d0a61d33bbdd1 under CBC-MAC with a key of "YELLOW SUBMARINE" and a 0 IV.

Forge a valid snippet of JavaScript that alerts "Ayo, the Wu is back!" and hashes to the same value. Ensure that it runs in a browser.

Extra Credit

Write JavaScript code that downloads your file, checks its CBC-MAC, and inserts it into the DOM iff it matches the expected hash.

Cryptography Services | NCC Group