[Cryptography] Why is a short HMAC key zero-padded instead of hashed?

Francisco Corella fcorella at pomcor.com
Fri Feb 3 15:53:55 EST 2017


> On Feb 2, 2017, at 2:14 PM, Ron Garret <ron at flownet.com> wrote:
> 
> If that’s your quality metric, why hash a long key then instead of just (say) truncating it?
> 

If you truncate you may lose entropy.  Take the case of HMAC-SHA256,
where the block size is 512 bits, i.e. 32 bytes.  Suppose the key
consists of the concatenation of two passphrases, each encoded in 32
bytes, and each having 50 bits of entropy, for a total of 64 bytes
with 100 bits of entropy.  If you truncate you lose one of the
passphrases, so the truncated key only has 50 bits of entropy.  If you
hash, you keep all 100 bits of entropy.

Francisco
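
The point about truncating versus hashing a long key, as an added example that is not part of the original message: HMAC-SHA256 is built from its definition with a pluggable key-preparation step, and the RFC 2104 rule is compared with a hypothetical truncating variant. Each passphrase field is sized to the SHA-256 block size that Python's hashlib reports (64 bytes); the passphrases, the message and `prepare_key_truncating` are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = hashlib.sha256().block_size  # block size in bytes, as reported by hashlib


def prepare_key_rfc2104(key: bytes) -> bytes:
    """RFC 2104 rule: hash a key longer than one block, then zero-pad."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK, b"\x00")


def prepare_key_truncating(key: bytes) -> bytes:
    """Hypothetical variant (not HMAC): cut a long key down to one block."""
    return key[:BLOCK].ljust(BLOCK, b"\x00")


def hmac_sha256(key: bytes, msg: bytes, prepare=prepare_key_rfc2104) -> bytes:
    """HMAC-SHA256 built from its definition, with a pluggable key-prep step."""
    k = prepare(key)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def two_passphrase_key(first: str, second: str) -> bytes:
    """Constructed sample key: two passphrases, each in a block-sized field."""
    return first.encode().ljust(BLOCK, b" ") + second.encode().ljust(BLOCK, b" ")


def compare(msg: bytes = b"constructed sample message") -> dict:
    # Constructed keys that share the first passphrase and differ in the second.
    k1 = two_passphrase_key("correct horse battery", "staple anchor violet")
    k2 = two_passphrase_key("correct horse battery", "maple harbor cobalt")
    return {
        "matches_stdlib": hmac_sha256(k1, msg) == hmac.new(k1, msg, hashlib.sha256).digest(),
        "hashed_tags_differ": hmac_sha256(k1, msg) != hmac_sha256(k2, msg),
        "truncated_tags_equal": hmac_sha256(k1, msg, prepare_key_truncating)
        == hmac_sha256(k2, msg, prepare_key_truncating),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

With truncation the second passphrase never reaches the hash, so both keys produce the same tag; with the RFC 2104 rule every byte of the long key feeds the derived key.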
