[Cryptography] Why is a short HMAC key zero-padded instead of hashed?
Ron Garret
ron at flownet.com
Thu Feb 2 17:14:45 EST 2017
On Feb 2, 2017, at 2:10 PM, Francisco Corella <fcorella at pomcor.com> wrote:
> Please keep in mind that HMAC is also standardized in NIST FIPS 198-1.
> Let's not introduce unnecessary confusion by putting standards out of
> sync. I don't see any reason for changing HMAC. Regarding the
> message that started this thread, there is a clear reason for padding
> the key with zeros when shorter than the block size rather than
> hashing it: hashing has a substantial computational cost. Supposedly
> "simplifying the code" is not an argument for introducing an
> unnecessary hash.
If that’s your quality metric, why hash a long key then instead of just (say) truncating it?
rg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170202/f56317fd/attachment.html>
More information about the cryptography
mailing list