On Wed, Nov 02, 2011 at 04:25:30PM -0300, Leandro Meiners wrote:
> Hi List!
>
> I was wondering if anybody could give me some pointers as to papers or
> books that discuss the advantages/disadvantages of computing an HMAC of
> a message versus previously computing a hash of the message and then
> calculating the HMAC of the hash.
> My initial thoughts are that there isn't any additional security
> provided by either method.

It seems like it would be harder (or at least not easier) to find a collision or preimage for HMAC with an unknown key than a collision or preimage for an unkeyed hash, so using HMAC(H(m)) allows for an avenue of attack that HMAC(m) would not, namely finding an inner collision (or preimage) on H. Consider, for instance, attacking HMAC-MD5(m) vs HMAC-MD5(MD5(m)).

-Jack
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
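The inner-collision point made in the reply above, as an added example that is not part of the original post. The unkeyed hash here is MD5 truncated to 24 bits, a constructed stand-in for a hash whose collision resistance has failed; the key, the messages and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

TRUNC = 3  # bytes of MD5 kept: a deliberately weak stand-in for a broken H


def weak_h(msg: bytes) -> bytes:
    """Unkeyed hash H: MD5 truncated to 24 bits so collisions are cheap."""
    return hashlib.md5(msg).digest()[:TRUNC]


def mac_direct(key: bytes, msg: bytes) -> bytes:
    """HMAC-MD5(m): the key is mixed in before the message is compressed."""
    return hmac.new(key, msg, hashlib.md5).digest()


def mac_prehash(key: bytes, msg: bytes) -> bytes:
    """HMAC-MD5(H(m)): the MAC only ever sees the unkeyed digest."""
    return hmac.new(key, weak_h(msg), hashlib.md5).digest()


def find_collision():
    """Birthday search on H alone: uses no key and no MAC queries."""
    seen = {}
    i = 0
    while True:
        m = b"constructed-message-%d" % i
        d = weak_h(m)
        if d in seen:
            return seen[d], m
        seen[d] = m
        i += 1


def demo():
    key = b"constructed-demo-key"  # never passed to find_collision()
    m1, m2 = find_collision()
    return {
        "m1": m1,
        "m2": m2,
        # Same H(m) means the same tag under any key: a tag issued for m1
        # also verifies for m2.
        "prehash_tags_equal": hmac.compare_digest(
            mac_prehash(key, m1), mac_prehash(key, m2)),
        # HMAC over the full message does not inherit the collision on H.
        "direct_tags_equal": hmac.compare_digest(
            mac_direct(key, m1), mac_direct(key, m2)),
    }


if __name__ == "__main__":
    print(demo())
```

The collision search runs entirely offline against H, which is why HMAC(H(m)) is only as collision resistant as H, while HMAC(m) keeps the key between the attacker and the compression function.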
