Attacking CBC-MAC


  • In this project you will implement an attack showing that basic CBC-MAC is not secure when used to authenticate/verify messages of different lengths.

  • Specifically, you will be given the ability to obtain tags (with respect to some unknown key) for any 2-block (32 byte) message of your choice; your goal is to forge a valid tag (with respect to the same key) on the 4-block (64 byte) message "I, the server, hereby agree that I will pay $100 to this student." (Omit the final period and quotation marks. You should verify that the message contains exactly 64 ASCII characters.)

  • You will also be given access to a verification routine that you can use to verify your solution.

  • All the files needed for this project will be available in a cbc-mac directory on the container, including a README file explaining what each file does.

  • Note that this assignment requires the ability to perform basic networking in order to connect to the server and send/receive messages.
  • Stub code is provided for doing basic networking in C, Python, and Ruby, but you are welcome to use any language of your choice.

  • Tip: You can find the IP address and port numbers to use in the stub code provided.


  • Click Here to launch a web emulation terminal to develop and compile your client code on.
  • Note: This container will be available for use for around 2 hours. You can always start a new container if required, but you will need to transfer your code to the new container.

  • Click Here for instructions on saving your work and transferring it to a new container.