[15941] in cryptography@c2.net mail archive

Re: HMAC?

daemon@ATHENA.MIT.EDU (Amir Herzberg)
Tue Aug 17 10:24:10 2004

X-Original-To: cryptography@metzdowd.com
Date: Tue, 17 Aug 2004 16:03:08 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <877jryo5tn.fsf@snark.piermont.com>

Perry E. Metzger wrote:
> So the question now arises, is HMAC using any of the broken hash
> functions vulnerable?

Considering that HMAC's goal is `only` a MAC (shared key authentication),
the existence of any collision is not very relevant to its use. But
furthermore, what HMAC needs from the hash function is only that it will
be hard to find a collision when using an unknown, random key; clearly the
current collisions are far off from this situation.

So, finding specific collisions in the hash function should not cause 
too much worry about its use in HMAC. Of course, if this would lead to 
finding many collisions easily, including to messages with random 
prefixes, this could be more worrying...

-- 
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & 
security)
Mirror site: http://www.mfn.org/~herzbea/
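
The distinction drawn in the message above, shown as an added example that is not part of the original post: it takes a widely published two-block MD5 collision pair (sample input transcribed here, not taken from this page) and checks whether the collision survives under the plain hash, with a common suffix, with a secret prefix, and under HMAC-MD5. The function names, the suffix string and the key are illustrative assumptions.

```python
import hashlib
import hmac
import os

# First message of a widely published two-block MD5 collision (128 bytes),
# transcribed here as sample input; it is not taken from the original post.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
# The colliding partner differs only in the top bit of these six bytes.
DIFF_OFFSETS = (19, 45, 59, 83, 109, 123)


def partner(msg: bytes) -> bytes:
    """Derive the second colliding message by flipping the six differing bits."""
    out = bytearray(msg)
    for i in DIFF_OFFSETS:
        out[i] ^= 0x80
    return bytes(out)


M2 = partner(M1)


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def compare(key: bytes) -> dict:
    """Report, per construction, whether M1 and M2 still give equal digests."""
    suffix = b"common trailer"  # hypothetical shared suffix
    return {
        "plain": md5(M1) == md5(M2),                        # keyless collision
        "suffix": md5(M1 + suffix) == md5(M2 + suffix),     # same state after 2 blocks
        "keyed_prefix": md5(key + M1) == md5(key + M2),     # unknown prefix shifts the state
        "hmac": hmac.compare_digest(
            hmac.new(key, M1, hashlib.md5).digest(),
            hmac.new(key, M2, hashlib.md5).digest(),
        ),
    }


if __name__ == "__main__":
    for name, equal in compare(os.urandom(16)).items():
        print(f"{name:13s} digests equal: {equal}")
```
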


---------------------------------------------------------------------
The Cryptography Mailing List