[Cryptography] A Fun Trick: The Little MAC Attack

John Ioannidis ji at tla.org
Sat May 9 12:53:36 EDT 2015

On Thu, May 7, 2015 at 8:14 PM, Dan Kaminsky <dan at doxpara.com> wrote:

> Practical HMAC-MD5 Collisions!
> Not that they should ever matter...
> http://dankaminsky.com/2015/05/07/the-little-mac-attack/

The Little HMAC that Could (collide?) :)

Very cute. And while this particular case does not (should not?) have any
RW security impact, it does show how we should never be complacent about
using stuff in ways it was not meant to be used, which is unfortunately
all-too-common in our field.

A bit off-topic: I particularly like how you use python examples, with
cut-and-paste-able code. I wish more people would do that.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150509/6180e60e/attachment.html>

More information about the cryptography mailing list