# Re: Strength of HMAC-SHA1-32

*From*: Kristian Gjøsteen <kristiag+news@xxxxxxxxxxxx>*Date*: Tue, 18 Nov 2008 13:09:11 +0000 (UTC)

freeat12five <freeat12five@xxxxxxxxx> wrote:

That is indeed a great point. I think the real issue is in fact the

MAC tag length, but have started from the wrong end. We are not

concerned about encryption. It is an integrity and authentication

issue.

If you can have a sufficiently long key, a 32-bit HMAC-SHA1-32 will

ensure that the attacker can forge MAC tags with probability at most

2^(-32). If you can live with that forgery probability (few packets,

not so big a problem if a few packets are forged, etc.), then you

can probably live with HMAC-SHA1-32.

--

Kristian Gjøsteen

.

**Follow-Ups**:**Re: Strength of HMAC-SHA1-32***From:*David Wagner

**Re: Strength of HMAC-SHA1-32***From:*Ilmari Karonen

**References**:**Strength of HMAC-SHA1-32***From:*freeat12five

**Re: Strength of HMAC-SHA1-32***From:*Kristian Gjøsteen

**Re: Strength of HMAC-SHA1-32***From:*freeat12five

- Prev by Date:
**Re: Strength of HMAC-SHA1-32** - Next by Date:
**Wanted Known** - Previous by thread:
**Re: Strength of HMAC-SHA1-32** - Next by thread:
**Re: Strength of HMAC-SHA1-32** - Index(es):