<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 4/4/20 3:35 PM, I wrote:<br>
</div>
<blockquote type="cite"
cite="mid:b9352972-3081-6032-b4ff-d7cc988ecd93@borg.org">When I
want to send a message I do a hash of the message plus the secret,
and append that hash. On receipt I strip the hash, do a new hash
of the message plus the secret and compare the result. So simple.
What is wrong with it? Seems radical. <br>
</blockquote>
<p>I received several kind replies off-list, thought I should
summarize on-list: I should use HMAC, to make length extension
attacks harder.</p>
<p>Seems to me my simple minded hashing approach <i>would</i> be
okay but for the fact that cryptographic hashes aren't as perfect
as one might want to assume*, and length extension attacks are a
consequence of these algorithms being designed to be efficient to
implement, a consequence of them being incremental.</p>
<p>Thanks,</p>
<p>-kb, the Kent who notes that HMAC also has the virtue of being
fairly simple, making it likely to be implemented and deployed
correctly.</p>
<p><br>
</p>
<p>* Though Wikipedia says SHA-3 is not susceptible to this
attack on H(key|message).<br>
</p>
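<p>Added example, not part of the original message or of any reply to it: the append-and-strip framing from the quoted post, with the tag computed once as a plain hash of message plus secret (argument order read literally from the post) and once with HMAC, and with the receive side comparing tags in constant time. SHA-256, the function names and the sample secret are assumptions made for the illustration.</p>
<pre>
```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256 (assumed hash)


def naive_tag(secret: bytes, message: bytes) -> bytes:
    """Tag as described in the quoted post: hash of the message plus the secret."""
    return hashlib.sha256(message + secret).digest()


def hmac_tag(secret: bytes, message: bytes) -> bytes:
    """Tag as recommended in the replies: HMAC keyed with the secret."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def seal(secret: bytes, message: bytes, tag_fn=hmac_tag) -> bytes:
    """Sender side: append the tag to the message."""
    return message + tag_fn(secret, message)


def open_sealed(secret: bytes, blob: bytes, tag_fn=hmac_tag) -> bytes:
    """Receiver side: strip the tag, recompute it, compare, return the message."""
    if TAG_LEN > len(blob):
        raise ValueError("blob too short to carry a tag")
    message, received = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = tag_fn(secret, message)
    # compare_digest avoids leaking, through timing, how many leading
    # bytes of a guessed tag were correct.
    if not hmac.compare_digest(received, expected):
        raise ValueError("tag mismatch: message rejected")
    return message


if __name__ == "__main__":
    secret = b"constructed-demo-secret"        # constructed sample value
    message = b"amount=10;to=alice"            # constructed sample value
    blob = seal(secret, message)
    print(open_sealed(secret, blob))           # round trip succeeds
    tampered = blob.replace(b"10", b"99", 1)   # one field altered in transit
    try:
        open_sealed(secret, tampered)
    except ValueError as err:
        print("rejected:", err)
```
</pre>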
</body>
</html>