Re: HMAC -NMAC security
From: Michael Amling (nospam_at_nospam.com)
Date: 07/01/03
- Next message: Psybar Phreak: "one more question"
- Previous message: Jim Steuert: "Re: A new public key algorithm based on avalanche properties"
- Next in thread: whoami: "Re: HMAC -NMAC security"
- Maybe reply: whoami: "Re: HMAC -NMAC security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 01 Jul 2003 05:00:01 GMT
whoami wrote:
> mdw@nsict.org (Mark Wooding) wrote in message news:<slrnbg05it.18j.mdw@tux.nsict.org>...
>
>
> In the paper "Keying Hash Functions for Message Authentication", it is
> written that the extension attack is prevented through the outer
> function , which avoids the exposure of the result of the inner
> function. But knowing h(K2||x) doesn't help the attacker to find
> h(K1||h(K2||x))?
>
> * Keeping the intermediate value $H(K_2 \cat x)$ secret makes it
>
>> harder for an adversary to know whether he's found a collision.
>>-- [mdw]
>
>
>
> What hard means here? How easy is finding a collision for this inner
> function? Is there any papers explaining the number of trials needed
> to find a collision for hash functions and in particular this inner
> function?
If the inner hash is MD5 or SHA-1, finding collisions is pretty hard.
No collisions have ever been found.
--Mike Amling
- Next message: Psybar Phreak: "one more question"
- Previous message: Jim Steuert: "Re: A new public key algorithm based on avalanche properties"
- Next in thread: whoami: "Re: HMAC -NMAC security"
- Maybe reply: whoami: "Re: HMAC -NMAC security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
