Re: HMAC-SHA-1 security question

From: "Joseph Ashwood" <ashwood@xxxxxxx>
Date: Mon, 24 Mar 2008 04:30:30 -0700

<osmo.sis@xxxxxxxxx> wrote in message news:b9e7d3c5-5f4d-4c4a-868e-2dee0b940ee0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi
I'd have an interesting question.

We know that HMAC-SHA 1 is a hash value H, computed from a base input
value V and a secret key K.
In formula: H = HAMC-SHA-1(K, V).

Now, let us assume an attacker knows H and V. Only the K is unknown.
I'd like to know if there was any possibility to make conclusions
about the secret key K?
Or, furthermore, do values for H and V exist that make it possible to
conclude about K? Even if it was just one bit one can make conclusions
about? Any ideas?

Please, I'd like to hear some input on this from somebody...

If you look at the updated HMAC proof it makes it rather clear. If such an attack were found it would be major cryptographic news, and mean that SHA-1 is completely and utterly broken. Right now SHA-1 is wounded, but certainly not broken to this degree.
Joe

.

Follow-Ups:
- more about HMAC-SHA-1 security question
  - From: osmo . sis

References:
- HMAC-SHA-1 security question
  - From: osmo . sis

Prev by Date: Re: my KDF vs dictionary attacks
Next by Date: Re: my KDF vs dictionary attacks
Previous by thread: Re: HMAC-SHA-1 security question
Next by thread: more about HMAC-SHA-1 security question
Index(es):
- Date
- Thread

Relevant Pages

Re: On the risks of using a hash function as a MAC
... > SHA-1 with a secret key is dangerous or not. ... that could be used by the attacker to recover that key (if the ... imply that SHA-1 is no valid hash function. ...
(sci.crypt)
Re: HMAC-SHA-1 security question
... We know that HMAC-SHA 1 is a hash value H, computed from a base input ... value V and a secret key K. ...
(sci.crypt)
HMAC-SHA-1 security question
... We know that HMAC-SHA 1 is a hash value H, computed from a base input ... value V and a secret key K. ...
(sci.crypt)