Amir Herzberg wrote:

Perry E. Metzger wrote:

So the question now arises, is HMAC using any of the broken hash
functions vulnerable?

Considering that HMAC's goal is `only` a MAC (shared key authentication), the existence of any collision is not very relevant to its use. But furthermore, what HMAC needs from the hash function is only that it will be hard to find a collision when using an unknown, random key; clearly the current collisions are far off from this situation.


So, finding specific collisions in the hash function should not cause too much worry about its use in HMAC. Of course, if this would lead to finding many collisions easily, including to messages with random prefixes, this could be more worrying...

Hmmm ... if you could persuade your victim to use a key that was known to be a suitable prefix for finding collisions...


Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
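The two points made in the thread above, as an added example that is not part of the original messages: a collision found from the public IV does not carry over to HMAC under an unknown key, while a key the attacker knows lets them collide the inner hash and therefore the tag. The 24-bit `toy_hash`, its SHA-256-based compression function and `SECRET_KEY` are assumptions chosen so the birthday search finishes instantly.

```python
import hashlib

BLOCK = 64   # block size in bytes, as in MD5 and SHA-1
STATE = 3    # toy 24-bit chaining value so a birthday search takes milliseconds
SECRET_KEY = b"constructed-demo-key"  # constructed sample standing in for a random key

def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard hash with length padding over a toy compression function."""
    pad = b"\x80" + b"\x00" * (-(len(msg) + 9) % BLOCK)
    padded = msg + pad + (8 * len(msg)).to_bytes(8, "big")
    cv = b"\x00" * STATE  # fixed, public IV
    for i in range(0, len(padded), BLOCK):
        # Assumed compression function: SHA-256(state || block), truncated.
        cv = hashlib.sha256(cv + padded[i:i + BLOCK]).digest()[:STATE]
    return cv

def toy_hmac(key: bytes, msg: bytes) -> bytes:
    """HMAC construction over toy_hash (keys longer than BLOCK not handled)."""
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return toy_hash(opad + toy_hash(ipad + msg))

def find_collision(prefix: bytes = b""):
    """Birthday search for m1 != m2 with equal toy_hash(prefix + m)."""
    seen = {}
    for i in range((1 << (8 * STATE)) + 1):  # pigeonhole guarantees a hit
        m = i.to_bytes(8, "big")
        d = toy_hash(prefix + m)
        if d in seen:
            return seen[d], m
        seen[d] = m

def demo():
    # Case 1: collision in the unkeyed hash, computed without the key.
    a, b = find_collision()
    # Case 2: the key is known, so the inner hash input prefix is known too.
    ipad_block = bytes(x ^ 0x36 for x in SECRET_KEY.ljust(BLOCK, b"\x00"))
    c, d = find_collision(ipad_block)
    return {
        "plain_collision": a != b and toy_hash(a) == toy_hash(b),
        "hmac_differs_under_secret_key":
            toy_hmac(SECRET_KEY, a) != toy_hmac(SECRET_KEY, b),
        "tags_collide_when_key_known":
            c != d and toy_hmac(SECRET_KEY, c) == toy_hmac(SECRET_KEY, d),
    }

if __name__ == "__main__":
    print(demo())
```

The second case is why HMAC keys have to be generated randomly by the party relying on the tag and never accepted from, or disclosed to, anyone who should not be able to produce colliding messages.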
