[Cryptography] A Fun Trick: The Little MAC Attack

Phillip Hallam-Baker phill at hallambaker.com
Fri May 8 22:37:27 EDT 2015


On Thu, May 7, 2015 at 8:14 PM, Dan Kaminsky <dan at doxpara.com> wrote:
> Practical HMAC-MD5 Collisions!
>
> Not that they should ever matter...
>
> http://dankaminsky.com/2015/05/07/the-little-mac-attack/

There is actually a mode where they could matter. There exist
applications where a MAC is used as the digest for a signature. This
enables a mode where the signature can only be verified by someone who
knows the secret without the loss of non-repudiation that a straight
HMAC entails.
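
The construction described in this message, as an added example that is not part of the original post: a signature is computed over HMAC(k, m) instead of a public digest, so only holders of k can check it, while k alone is not enough to produce one. The Lamport one-time signature, HMAC-SHA256 and every name below are assumptions chosen so the example runs on the Python standard library; because the signature covers only the tag, any two messages with the same tag under k would share one signature.

```python
# Added illustration: Lamport one-time signature over an HMAC tag.
import hashlib
import hmac
import secrets

BITS = 256  # length of an HMAC-SHA256 tag in bits

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Return (private, public) Lamport keys: one secret pair per tag bit."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def tag_bits(mac_key: bytes, msg: bytes):
    """The value that gets signed: HMAC(mac_key, msg), not a public digest."""
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return [(tag[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]

def sign(priv, mac_key: bytes, msg: bytes):
    """Reveal one preimage per tag bit. A Lamport key must sign only once."""
    return [priv[i][b] for i, b in enumerate(tag_bits(mac_key, msg))]

def verify(pub, mac_key: bytes, msg: bytes, sig) -> bool:
    """Recompute the tag (needs mac_key), then check each revealed preimage."""
    if len(sig) != BITS:
        return False
    ok = True
    for i, b in enumerate(tag_bits(mac_key, msg)):
        ok &= hmac.compare_digest(H(sig[i]), pub[i][b])
    return ok

def demo():
    """Constructed sample run: who can and cannot verify the signature."""
    priv, pub = keygen()
    mac_key = secrets.token_bytes(32)  # shared only with intended verifiers
    msg = b"constructed sample message"
    sig = sign(priv, mac_key, msg)
    return {
        "holder_of_key": verify(pub, mac_key, msg, sig),
        "wrong_key": verify(pub, secrets.token_bytes(32), msg, sig),
        "altered_msg": verify(pub, mac_key, msg + b"!", sig),
    }
```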

