why HMAC (Keyed-Hashing for Message Authentication)?
From: Bernhard Kuemel (darsie_at_gmx.at)
Date: 12/19/03
- Next message: Bernhard Kuemel: "Re: PGP versus the Outlook built in secure mail?"
- Previous message: Robert Lenoil: "PayPal security flaw"
- Next in thread: Panu Hämäläinen: "Re: why HMAC (Keyed-Hashing for Message Authentication)?"
- Reply: Panu Hämäläinen: "Re: why HMAC (Keyed-Hashing for Message Authentication)?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Dec 2003 15:19:11 +0100
Hi!
What is the advantage of HMAC over simply passing
hash(strcat(key,message)) along with the message?
RFC2104, HMAC:
H(K XOR opad, H(K XOR ipad, text))
Namely,
(1) append zeros to the end of K to create a B byte string
(e.g., if K is of length 20 bytes and B=64, then K will be
appended with 44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in
step
(1) with ipad
(3) append the stream of data 'text' to the B byte string
resulting
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in
step (1) with opad
(6) append the H result from step (4) to the B byte string
resulting from step (5)
(7) apply H to the stream generated in step (6) and output
the result
-- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html
- Next message: Bernhard Kuemel: "Re: PGP versus the Outlook built in secure mail?"
- Previous message: Robert Lenoil: "PayPal security flaw"
- Next in thread: Panu Hämäläinen: "Re: why HMAC (Keyed-Hashing for Message Authentication)?"
- Reply: Panu Hämäläinen: "Re: why HMAC (Keyed-Hashing for Message Authentication)?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
