HMAC?
Amir Herzberg
herzbea at macs.biu.ac.il
Tue Aug 17 10:03:08 EDT 2004
Perry E. Metzger wrote:
> So the question now arises, is HMAC using any of the broken hash
> functions vulnerable?
Considering that HMAC goal is `only` a MAC (shared key authentication),
the existence of any collision is not very relevant to its use. But
furthermore, what HMAC needs from the hash function is only that it will
be hard to find collision when using an unknown, random key; clearly the
current collisions are far off from this situation.
So, finding specific collisions in the hash function should not cause
too much worry about its use in HMAC. Of course, if this would lead to
finding many collisions easily, including to messages with random
prefixes, this could be more worrying...
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
Mirror site: http://www.mfn.org/~herzbea/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: herzbea.vcf
Type: text/x-vcard
Size: 343 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20040817/4b10c344/attachment.vcf>
More information about the cryptography
mailing list