Two new attacks are given on a cipher block chaining-message authentication
code algorithm which is in the final stages of being standardised as MAC a
lgorithm 4 in ISO/IEC FDIS 9797-1. The attacks are significantly more effic
ient than previously known attacks, which means that the inclusion of this
scheme in the standard will need to be reconsidered.