interesting HMAC attack results
Perry E. Metzger
perry at piermont.com
Fri Sep 22 09:42:03 EDT 2006
http://eprint.iacr.org/2006/319
Cryptology ePrint Archive: Report 2006/319
Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions
Scott Contini and Yiqun Lisa Yin
Abstract. In this paper, we analyze the security of HMAC and NMAC,
both of which are hash-based message authentication codes. We present
distinguishing, forgery, and partial key recovery attacks on HMAC and
NMAC using collisions of MD4, MD5, SHA-0, and reduced SHA-1. Our
results demonstrate that the strength of a cryptographic scheme can be
greatly weakened by the insecurity of the underlying hash function.
[I Heard about this paper from ekr's blog.]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list