[Cryptography] A Fun Trick: The Little MAC Attack

Dan Kaminsky dan at doxpara.com
Fri May 15 04:52:59 EDT 2015

On Thu, May 14, 2015 at 11:26 PM, Stephan Neuhaus <sten at artdecode.de> wrote:

> On 2015-05-11 03:17, Dan Kaminsky wrote:
>> Looks like Stevens is getting close to SHA-1 collision, meaning HMAC-SHA1
>> will collide too.
> Really? I was under the impression that the security of HMAC did NOT
> rely absolutely on the collision-resistance of the underlying hash
> function.  E.g., HMAC-MD5 is still considered OK, even though collisions
> can be produced. Is that wrong?

Not wrong at all.  There's no (known to me) security impact to HMAC
collisions, in the context of the security guarantees made by HMAC.  It's
just if the underlying hash to HMAC collides (already bad) then HMAC can't
save you.

> Fun,

Now that I can confirm :)

> Stephan