Re: Strength of HMAC-SHA1-32



freeat12five <freeat12five@xxxxxxxxx> wrote:
That is indeed a great point. I think the real issue is in fact the
MAC tag length, but have started from the wrong end. We are not
concerned about encryption. It is an integrity and authentication
issue.

If you can have a sufficiently long key, a 32-bit HMAC-SHA1-32 will
ensure that the attacker can forge MAC tags with probability at most
2^(-32). If you can live with that forgery probability (few packets,
not so big a problem if a few packets are forged, etc.), then you
can probably live with HMAC-SHA1-32.

--
Kristian Gjøsteen
.



Relevant Pages

  • Re: encrypted integrity check = authentication ?
    ... My authentication value is the encrypted sha1with key K ... Encrypting hashes is not a good way to ensure integrity or authentication. ... (Only Alice and I know the secret key. ... I would never create a MAC tag on this message. ...
    (sci.crypt)
  • Re: MAC / MIC / MD for short messages
    ... if you did say HMAC-SHA1-32 on 2 byte payloads you are using 200% of ... I'd use larger packets, or if delivery is guaranteed use a MAC over ... You could get away with truncated the MAC tag somewhat since your ...
    (sci.crypt)