Considering that HMAC's goal is `only` a MAC (shared key authentication), the existence of any collision is not very relevant to its use. But furthermore, what HMAC needs from the hash function is only that it will be hard to find collisions when using an unknown, random key; clearly the current collisions are far off from this situation. So the question now arises, is HMAC using any of the broken hash functions vulnerable?
So, finding specific collisions in the hash function should not cause too much worry about its use in HMAC. Of course, if this would lead to finding many collisions easily, including to messages with random prefixes, this could be more worrying...
-- Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & security)
Mirror site: http://www.mfn.org/~herzbea/
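An added example (not part of the original message): a toy Merkle-Damgard hash with a 24-bit chaining value, so that an unkeyed collision can be found by brute force, and an HMAC built over it to show that the same message pair does not collide under a secret key. The names `toy_hash` and `toy_hmac`, the sizes, the truncated-SHA-256 compression function and the fixed key are assumptions made for the illustration.

```python
import hashlib

BLOCK = 16            # toy block size in bytes
STATE = 3             # 24-bit chaining value: unkeyed collisions are cheap
IV = b"\x00" * STATE  # public, fixed IV, as in MD5/SHA-1

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function (truncated SHA-256, an assumption)."""
    return hashlib.sha256(state + block).digest()[:STATE]

def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard iteration from the public IV with length padding."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 4) % BLOCK) + len(msg).to_bytes(4, "big")
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def toy_hmac(key: bytes, msg: bytes) -> bytes:
    """HMAC construction H((K^opad) || H((K^ipad) || msg)) over toy_hash."""
    if len(key) > BLOCK:
        key = toy_hash(key)
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return toy_hash(opad + toy_hash(ipad + msg))

def find_collision():
    """Birthday search for two messages with the same unkeyed toy_hash."""
    seen = {}
    n = 0
    while True:
        msg = n.to_bytes(8, "big")
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg
        n += 1

# Constructed key standing in for a secret, random key unknown to the attacker.
KEY = bytes(range(16))

if __name__ == "__main__":
    m1, m2 = find_collision()
    print("unkeyed:", toy_hash(m1).hex(), toy_hash(m2).hex())  # equal
    print("HMAC   :", toy_hmac(KEY, m1).hex(), toy_hmac(KEY, m2).hex())
```

The key block changes the chaining value from which the message is compressed, so a collision found for the public IV does not carry over to tags computed under the secret key. The 24-bit size is only there to make the unkeyed search fast.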
