Re: MD5 and SHA-0 collisions
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 09/04/04
- Next message: Bryan Olson: "Re: Is {f_k(x)=x^k mod n} a pseudorandom function family?"
- Previous message: flip: "Discrete Log Problem"
- In reply to: Paul Rubin: "Re: MD5 and SHA-0 collisions"
- Next in thread: Paul Rubin: "Re: MD5 and SHA-0 collisions"
- Reply: Paul Rubin: "Re: MD5 and SHA-0 collisions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 4 Sep 2004 19:06:16 +0000 (UTC)
Paul Rubin wrote:
>The point is that HMAC's are used for more things than simply
>authenticating that you have the secret key.
Are they? Can you give any examples?
>The user may expect that
>if two files have the same HMAC, then they are the same file, just as
>with unkeyed MD5.
The user shouldn't expect that, particularly not if they are using
MD5-HMAC. If the user is counting on HMAC to be collision-free even
when the attacker is choosing the key, the user is doing something
funny.
- Next message: Bryan Olson: "Re: Is {f_k(x)=x^k mod n} a pseudorandom function family?"
- Previous message: flip: "Discrete Log Problem"
- In reply to: Paul Rubin: "Re: MD5 and SHA-0 collisions"
- Next in thread: Paul Rubin: "Re: MD5 and SHA-0 collisions"
- Reply: Paul Rubin: "Re: MD5 and SHA-0 collisions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
