more about HMAC-SHA-1 security question



What people said so far is indeed true. I understand that it is not
possible to recover the HMAC-SHA-1 key by merely knowing one or
several random pairs of its input and output values - that hash
function would be of no use if that were possible, yet it is said to be
secure...

However, let's for now hypothetically assume an unusual scenario: that
an attacker could freely choose the input value of the hash and read
the corresponding output value. The only thing the attacker has no
access to is the function itself (meaning reading the source code or
the key in machine code or whatever), which means that the hash key is
still a secret. Still, could it be possible to draw conclusions about
the key? For example, if the attacker first tries the value 00000, then
the value 00001 and so on, through all of them? Let's assume that the
attacker can choose any value he/she wants any number of times and
read its corresponding output value. Maybe small conclusions can be
drawn from each output value that add up if the operation is done a
billion times or so?

I believe that by changing bits in the hash input values in a targeted
way (in the hypothetical scenario I described) and by then analyzing
the corresponding output values it could be possible to draw
conclusions about the HMAC-SHA-1 key. Maybe there exists some sort of
defined rules for which bits change in the output streams if the key
has a 0 at the beginning and so on, even if those rules must be newly
defined for each hash, key and output value length. And in this context
I'm NOT thinking of a table where all hashes with all keys are
precomputed!

Ideas?
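
The experiment the post describes, written out as an added example (not part of the original post): an HMAC-SHA-1 oracle is queried with 00000, 00001, ... and the tags are measured for single-bit input flips, per-bit bias, and two keys that differ only in their first bit. The keys and all function names are constructed for illustration.

```python
import hashlib
import hmac

DIGEST_BITS = 160  # HMAC-SHA-1 output length in bits


def oracle(key: bytes, message: bytes) -> int:
    """Chosen-message oracle: returns the HMAC-SHA-1 tag as an integer."""
    return int.from_bytes(hmac.new(key, message, hashlib.sha1).digest(), "big")


def flip_bit(message: bytes, bit: int) -> bytes:
    """Copy of message with one bit inverted (bit 0 = MSB of byte 0)."""
    out = bytearray(message)
    out[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(out)


def mean_flip_distance(key: bytes, queries: int) -> float:
    """Average number of tag bits that change when one input bit is flipped."""
    total = 0
    for i in range(queries):
        msg = b"%05d" % i  # 00000, 00001, ... as in the post
        flipped = flip_bit(msg, i % (len(msg) * 8))
        total += bin(oracle(key, msg) ^ oracle(key, flipped)).count("1")
    return total / queries


def max_bit_bias(key: bytes, queries: int) -> float:
    """Largest deviation from 0.5 of any single tag bit over sequential inputs."""
    ones = [0] * DIGEST_BITS
    for i in range(queries):
        tag = oracle(key, b"%05d" % i)
        for pos in range(DIGEST_BITS):
            ones[pos] += (tag >> pos) & 1
    return max(abs(count / queries - 0.5) for count in ones)


def key_pair_distance(key_a: bytes, key_b: bytes, queries: int) -> float:
    """Average tag distance between two keys on the same sequential inputs."""
    total = 0
    for i in range(queries):
        msg = b"%05d" % i
        total += bin(oracle(key_a, msg) ^ oracle(key_b, msg)).count("1")
    return total / queries


# Constructed sample keys: identical except for the first bit (0 vs 1).
KEY_0 = bytes([0x00]) + b"constructed-key"
KEY_1 = bytes([0x80]) + b"constructed-key"
```

For a function that behaves like a pseudorandom function, each distance sits near 80 of 160 bits and the per-bit bias stays within sampling noise, whichever of the two keys is used.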