What makes HMAC-SHA256 a bad cipher?
- From: gquestion <googleacc@xxxxxxxxxxxx>
- Date: Mon, 4 Feb 2008 14:59:47 -0800 (PST)
What is the name of the property that HMAC-SHA256 lacks that prevents
us from using it as cipher? More specifically why shouldnt someone
use
HMAC-SHA256-CTR = XOR(HMAC-SHA256(nonce || counter, Key), plaintext)
[to simplify, assume that the size of the plaintext = 128b and the
nonce and an independent MAC are also appended to ciphertext as
usual.]
To be more specific, If both AES-256-CTR and HMAC-SHA256-CTR are
assumed to be PRF, which quality of the PRF will you say is better in
AES-256-CTR?
Second question is if a protocol uses SHA256 (say for HMAC), what good
does it do to use AES256 as well since the protocol's weakness will be
SHA256
[to simplify, assume that the number of shared key operations are the
same]
Thanks
-han
.
- Follow-Ups:
- Re: What makes HMAC-SHA256 a bad cipher?
- From: Sebastian G.
- Re: What makes HMAC-SHA256 a bad cipher?
- From: Sebastian G.
- Re: What makes HMAC-SHA256 a bad cipher?
- Prev by Date: Re: Need help securing RF telemetry
- Next by Date: Re: What makes HMAC-SHA256 a bad cipher?
- Previous by thread: Need help securing RF telemetry
- Next by thread: Re: What makes HMAC-SHA256 a bad cipher?
- Index(es):
Relevant Pages
|
