[Cryptography] Dumb Question about Pair-Wise Authentication

Kent Borg kentborg at borg.org
Sun Apr 5 15:46:49 EDT 2020


On 4/4/20 3:35 PM, I wrote:
> When I want to send a message I do a hash of the message plus the 
> secret, and append that hash. On receipt I strip the hash, do a new 
> hash of the message plus the secret and compare the result. So simple. 
> What is wrong with it? Seems radical.

I received several kind replies off-list, thought I should summarize 
on-list: I should use HMAC, to make length extension attacks harder.

Seems to me my simple-minded hashing approach /would/ be okay but for 
the fact that cryptographic hashes aren't as perfect as one might want to 
assume*, and length extension attacks are a consequence of these 
algorithms being designed to be efficient to implement, a consequence of 
them being incremental.

Thanks,

-kb, the Kent who notes that HMAC also has the virtue of being fairly 
simple, making it likely to be implemented and deployed correctly.


* Though Wikipedia says SHA-3 is not susceptible to this attack on 
H(key|message).
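
The append-and-verify scheme from the message above, as an added example that is not part of the original post: the plain hash over key|message beside HMAC-SHA-256, with a constant-time comparison on receipt and a demonstration of the incremental property the post refers to. The function names, the choice of SHA-256, the key|message ordering (taken from the footnote) and the sample values are assumptions.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def naive_tag(secret: bytes, message: bytes) -> bytes:
    # Plain hash over key|message (ordering assumed from the footnote).
    return hashlib.sha256(secret + message).digest()

def hmac_tag(secret: bytes, message: bytes) -> bytes:
    # HMAC-SHA-256: the inner digest is hashed again under the key, so
    # extending the tag does not yield a valid tag for a longer message.
    return hmac.new(secret, message, hashlib.sha256).digest()

def seal(secret: bytes, message: bytes, tag_fn=hmac_tag) -> bytes:
    # Sender: append the tag to the message.
    return message + tag_fn(secret, message)

def unseal(secret: bytes, blob: bytes, tag_fn=hmac_tag):
    # Receiver: strip the tag, recompute it, compare in constant time.
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if hmac.compare_digest(tag, tag_fn(secret, message)):
        return message
    return None

def continued_digest(secret: bytes, message: bytes, extension: bytes) -> bytes:
    # Incremental hashing: resume from the state reached after key|message
    # and keep going. With SHA-256 the published digest is the internal
    # state after the final padded block, which is why the plain
    # construction can be extended and HMAC is recommended instead.
    state = hashlib.sha256(secret + message)
    resumed = state.copy()
    resumed.update(extension)
    return resumed.digest()

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values
    msg = b"pay 10 to alice"
    blob = seal(secret, msg)
    print(unseal(secret, blob))                                   # message
    print(unseal(secret, b"pay 99 to alice" + blob[-TAG_LEN:]))  # None
    print(continued_digest(secret, msg, b"!") == naive_tag(secret, msg + b"!"))
```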
