Re: HMAC -NMAC security
From: whoami (whoami7878_at_yahoo.com)
Date: 06/30/03
- Next message: David Hopwood: "Re: Stream cipher against block cipher"
- Previous message: Andrew Swallow: "Re: Maybe we only need PCBC..."
- In reply to: Mark Wooding: "Re: HMAC -NMAC security"
- Next in thread: Anton Stiglic: "Re: HMAC -NMAC security"
- Reply: Anton Stiglic: "Re: HMAC -NMAC security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Jun 2003 08:06:44 -0700
mdw@nsict.org (Mark Wooding) wrote in message news:<slrnbg05it.18j.mdw@tux.nsict.org>...
In the paper "Keying Hash Functions for Message Authentication", it is
written that the extension attack is prevented through the outer
function , which avoids the exposure of the result of the inner
function. But knowing h(K2||x) doesn't help the attacker to find
h(K1||h(K2||x))?
* Keeping the intermediate value $H(K_2 \cat x)$ secret makes it
> harder for an adversary to know whether he's found a collision.
> -- [mdw]
What hard means here? How easy is finding a collision for this inner
function? Is there any papers explaining the number of trials needed
to find a collision for hash functions and in particular this inner
function?
Thanks again,
Melek
- Next message: David Hopwood: "Re: Stream cipher against block cipher"
- Previous message: Andrew Swallow: "Re: Maybe we only need PCBC..."
- In reply to: Mark Wooding: "Re: HMAC -NMAC security"
- Next in thread: Anton Stiglic: "Re: HMAC -NMAC security"
- Reply: Anton Stiglic: "Re: HMAC -NMAC security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
