Re: Compatibility between different providers



On 2010-02-08, Peac <peac1972@xxxxxxxxxxxxxxxxxx> wrote:
On 7 Feb, 22:50, Ilmari Karonen <usen...@xxxxxxxxxxxxxx> wrote:
Anyway, you could also use the code I suggested in my last post; that
should be compatible with any RFC 2104 -compliant implementation, and
would save you from having to deal with HCRYPTKEYs at all. All you'd
need is a plain old unkeyed MD5 implementation, which even Microsoft
should be able to provide.

Thank you for your reply.
Pardon, my ignorance - but what's the difference between a keyed hash & an
unkeyed hash?

I was using the term "unkeyed hash" simply to emphasize the difference
between an ordinary hash like MD5 (which takes only one parameter: the
input string) and a MAC like HMAC-MD5 (which takes an additional
parameter: the key).

Here's the pseudocode again, for reference:

byte[64] ipad = ((byte) 0x5c).repeat(64);
byte[64] opad = ((byte) 0x36).repeat(64);

byte[16] HMAC_MD5 (byte[] key, byte[] input) {

Does the key parameter to the HMAC_MD5 function represent
a password or a symmetric key derived from a password?

It can be basically anything, as long as it has sufficient entropy not
to be guessable by brute force. It could be a passphrase, or some key
derived from a passphrase, or a random key stored in a keyfile, etc.
HMAC isn't too picky about what you give it as the key, since that key
is going to be fed to a hash function anyway.

if (key.length > 64) {
MD5Hash keyHash = new MD5Hash ();
keyHash.addData(key);
key = keyHash.getResult();
}
byte[64] expKey = key.padToLength(64);

You don't seem to be using this expKey anywhere?

Oops, sorry. Both of the occurrences of "key" below this line should
read "expKey" instead. I've made the change below:

MD5Hash innerHash = new MD5Hash ();
innerHash.addData(expKey.xor(ipad));
innerHash.addData(input);
byte[16] temp = innerHash.getResult();

MD5Hash outerHash = new MD5Hash ();
outerHash.addData(expKey.xor(opad));
outerHash.addData(temp);
return outerHash.getResult();
}

BTW, I just thought of something... _if_ the Microsoft implementation
is simply hashing the key regardless of its length, while the Java
implementation follows RFC 2104 and only hashes it if it's longer than
64 bytes, then you might be able to make the Java implementation
behave the same as the Microsoft one (at a small performance cost)
simply by hashing the key in advance. It might be worth a try. I'm
not sure why I didn't think of that when I wrote my last post.

--
Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.
.