[Cryptography] A Fun Trick: The Little MAC Attack
Dan Kaminsky
dan at doxpara.com
Sun May 10 21:17:32 EDT 2015
On Saturday, May 9, 2015, John Ioannidis <ji at tla.org> wrote:
>
>
> On Thu, May 7, 2015 at 8:14 PM, Dan Kaminsky <dan at doxpara.com
> <javascript:_e(%7B%7D,'cvml','dan at doxpara.com');>> wrote:
>
>> Practical HMAC-MD5 Collisions!
>>
>> Not that they should ever matter...
>>
>> http://dankaminsky.com/2015/05/07/the-little-mac-attack/
>>
>>
>
> The Little HMAC that Could (collide?) :)
>
Haha!
Looks like Stevens is getting close to SHA-1 collision, meaning HMAC-SHA1
will collide too.
>
> Very cute. And while this particular case does not (should not?) have any
> RW security impact, it does show how we should never be complacent about
> using stuff in ways it was not meant to be used, which is unfortunately
> all-too-common in our field.
>
HMAC actually encodes a bunch of very interesting and useful design
constraints; lose the constraints and there's hell to pay. That is indeed
not specific to HMAC.
>
> A bit off-topic: I particularly like how you use python examples, with
> cut-and-paste-able code. I wish more people would do that.
>
Thanks, it's not often you have something simple enough that it *could* be
documented this way.
There's this insanely cool JS embeddable Python environment called Skulpt,
I'd have used that if it worked on Wordpress.com.
>
> /ji
>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150510/5605f96a/attachment.html>
More information about the cryptography
mailing list