Re: HMAC -NMAC security

From: Mark Wooding (mdw_at_nsict.org)
Date: 06/30/03

• Next message: lallous: "info about different algos"
• Previous message: clem: "Question on attacking RC4 PRNG"
• In reply to: whoami: "HMAC -NMAC security"
• Next in thread: whoami: "Re: HMAC -NMAC security"
• Reply: whoami: "Re: HMAC -NMAC security"
• Reply: Anton Stiglic: "Re: HMAC -NMAC security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 30 Jun 2003 10:52:13 GMT

whoami <whoami7878@yahoo.com> wrote:

> I don't understand why we need to hide the result of the inner
> function h(K2||x). I know that because of the extension attack one
> can easily find h(K2||x||y) no matter what y is but does this give
> some information on h(K1||h(K2||x||y)) which is the result of HMAC
> over x||y?

Quick overview of the thinking behind HMAC:

  * The inner layer is intended to be collision resistant. The key is
    present at this layer because finding collisions with an unknown
    initialization vector is harder than finding them if the IV is
    known.

  * The outer layer is intended to be a pseudorandom function[1], with
    fixed-length input and output. It's this layer which really
    provides the security of the construction.

  * As long as the output from the inner layer is different for
    different input messages, an adversary can't predict the tag for a
    message (because the outer layer is effectively random). If he
    finds a collision in the inner layer, he can request a tag for one
    of the colliding pair, and present the other other as his forgery.

  * Keeping the intermediate value $H(K_2 \cat x)$ secret makes it
    harder for an adversary to know whether he's found a collision.

[1] The proof that NMAC is a decent MAC only assumes that the outer
    layer works as a MAC on fixed-length inputs. However, it's the
    PRF-like property of the outer layer that means you can get away
    with things like truncating the tag.

-- [mdw]

• Next message: lallous: "info about different algos"
• Previous message: clem: "Question on attacking RC4 PRNG"
• In reply to: whoami: "HMAC -NMAC security"
• Next in thread: whoami: "Re: HMAC -NMAC security"
• Reply: whoami: "Re: HMAC -NMAC security"
• Reply: Anton Stiglic: "Re: HMAC -NMAC security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: position layers in tables ... "Murray" wrote: ... > The language attribute is not a valid attribute for the body tag. ... > nested layers) and the closer layer from their table cells, ... (microsoft.public.frontpage.programming) Re: Mutli-Page Form Format ... There are some newsgroups (not Microsoft) where top ... except when I move from layer to layer ... Remove all margin information from the tag. ... Remove the empty paragraphs at the bottom of each layer - some ... (microsoft.public.frontpage.programming) Re: position layers in tables ... The language attribute is not a valid attribute for the body tag. ... You have indeed put this layer into a table cell, ... not be placed into table cells. ... (microsoft.public.frontpage.programming) Re: Search and Replace in a text. ... First, I need find the the "Layer:" tag in the orginal text file, then ... text string is "TV-Frame" in the "Text 1".). ... Flags: 0x0 ... (comp.lang.python) Re: Drop Down Menus ... You could use something as simple and trouble free as a form's select tag, ... or you could use a combination of javascript and absolutely positioned page ... is to hide the layer after reading your choices. ... > You click on it and it gets bigger but also says "product liability" ... (microsoft.public.frontpage.programming)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint