Re: HMAC -NMAC security
From: whoami (whoami7878_at_yahoo.com)
Date: 30 Jun 2003 08:06:44 -0700
firstname.lastname@example.org (Mark Wooding) wrote in message news:<email@example.com>...
In the paper "Keying Hash Functions for Message Authentication", it is
written that the extension attack is prevented through the outer
function , which avoids the exposure of the result of the inner
function. But knowing h(K2||x) doesn't help the attacker to find
* Keeping the intermediate value $H(K_2 \cat x)$ secret makes it
> harder for an adversary to know whether he's found a collision.
> -- [mdw]
What hard means here? How easy is finding a collision for this inner
function? Is there any papers explaining the number of trials needed
to find a collision for hash functions and in particular this inner