HMAC?
Ben Laurie
ben at algroup.co.uk
Thu Aug 26 07:41:34 EDT 2004
Amir Herzberg wrote:
> Perry E. Metzger wrote:
>
>> So the question now arises, is HMAC using any of the broken hash
>> functions vulnerable?
>
> Considering that HMAC's goal is `only` a MAC (shared key authentication),
> the existence of any collision is not very relevant to its use. But
> furthermore, what HMAC needs from the hash function is only that it will
> be hard to find a collision when using an unknown, random key; clearly the
> current collisions are far off from this situation.
>
> So, finding specific collisions in the hash function should not cause
> too much worry about its use in HMAC. Of course, if this would lead to
> finding many collisions easily, including to messages with random
> prefixes, this could be more worrying...
Hmmm ... if you could persuade your victim to use a key that was known
to be a suitable prefix for finding collisions...
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
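
Added example, not part of the original thread: a toy model of the two positions above, with SHA-256 truncated to 24 bits standing in for a hash whose collisions are cheap to find. `toy_hash`, `toy_hmac` and both keys are constructed for illustration. Messages that collide under a key known at search time give equal tags under that key, but not under an independently chosen key.

```python
import hashlib

BLOCK = 64         # block size of the underlying hash, as used by HMAC
DIGEST_BYTES = 3   # assumption: 24-bit toy digest so a birthday search is cheap

def toy_hash(data: bytes) -> bytes:
    """Deliberately weak stand-in for a broken hash: truncated SHA-256."""
    return hashlib.sha256(data).digest()[:DIGEST_BYTES]

def _pads(key: bytes):
    """Derive the HMAC inner and outer padded keys (RFC 2104 construction)."""
    if len(key) > BLOCK:
        key = toy_hash(key)
    key = key.ljust(BLOCK, b"\x00")
    return bytes(b ^ 0x36 for b in key), bytes(b ^ 0x5C for b in key)

def toy_hmac(key: bytes, msg: bytes) -> bytes:
    ipad, opad = _pads(key)
    return toy_hash(opad + toy_hash(ipad + msg))

def find_collision_for_known_key(key: bytes):
    """Birthday search for two messages whose inner hashes collide.

    Only possible because the key, and hence the inner prefix, is known.
    """
    ipad, _ = _pads(key)
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter
        inner = toy_hash(ipad + msg)
        if inner in seen:
            return seen[inner], msg
        seen[inner] = msg
        counter += 1

KNOWN_KEY = b"key-known-at-search-time"     # constructed sample value
SECRET_KEY = b"independently-chosen-key"    # constructed sample value

def demo():
    m1, m2 = find_collision_for_known_key(KNOWN_KEY)
    same_known = toy_hmac(KNOWN_KEY, m1) == toy_hmac(KNOWN_KEY, m2)
    same_secret = toy_hmac(SECRET_KEY, m1) == toy_hmac(SECRET_KEY, m2)
    return m1, m2, same_known, same_secret

if __name__ == "__main__":
    print(demo())
```

The practical consequence is that the party relying on an HMAC tag should generate the key randomly itself rather than accept one supplied by a counterparty.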