[Cryptography] Dumb Question about Pair-Wise Authentication
Kent Borg
kentborg at borg.org
Sun Apr 5 15:46:49 EDT 2020
On 4/4/20 3:35 PM, I wrote:
> When I want to send a message I do a hash of the message plus the
> secret, and append that hash. On receipt I strip the hash, do a new
> hash of the message plus the secret and compare the result. So simple.
> What is wrong with it? Seems radical.
I received several kind replies off-list, thought I should summarize
on-list: I should use HMAC, to make length extension attacks harder.

Seems to me my simple-minded hashing approach /would/ be okay but for
the fact that cryptographic hashes aren't as perfect as one might want to
assume*, and length extension attacks are a consequence of these
algorithms being designed to be efficient to implement, a consequence of
them being incremental.
Thanks,
-kb, the Kent who notes that HMAC also has the virtue of being fairly
simple, making it likely to be implemented and deployed correctly.
* Though Wikipedia says SHA-3 is not susceptible to this attack on
H(key|message).
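
The append-and-verify exchange described in this message, with HMAC-SHA-256 in place of the bare hash, as an added example that is not part of the original post. The function names, the tag framing and the sample secret and messages are assumptions constructed for illustration; the bare-hash tagger is included only so both constructions can be run through the same framing.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each message


def naive_tag(secret: bytes, message: bytes) -> bytes:
    """Scheme from the quoted post: a plain hash of the message plus the secret."""
    return hashlib.sha256(message + secret).digest()


def hmac_tag(secret: bytes, message: bytes) -> bytes:
    """Scheme recommended in the replies: HMAC keyed with the shared secret."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def seal(secret: bytes, message: bytes, tagger=hmac_tag) -> bytes:
    """Sender side: append the tag to the message."""
    return message + tagger(secret, message)


def unseal(secret: bytes, framed: bytes, tagger=hmac_tag) -> bytes:
    """Receiver side: strip the tag, recompute it, compare, return the message."""
    if len(framed) < TAG_LEN:
        raise ValueError("frame shorter than a tag")
    message, tag = framed[:-TAG_LEN], framed[-TAG_LEN:]
    # compare_digest runs in time independent of where the tags differ,
    # so the comparison does not leak how many leading bytes matched.
    if not hmac.compare_digest(tag, tagger(secret, message)):
        raise ValueError("tag mismatch")
    return message


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    framed = seal(secret, b"pay 10 to alice")
    print(unseal(secret, framed))
    try:
        unseal(secret, b"pay 90" + framed[6:])  # altered message, original tag
    except ValueError as err:
        print("rejected:", err)
```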