On 2011-11-02, Jack Lloyd wrote:
It seems like it would be harder (or at least not easier) to find a
collision or preimage for HMAC with an unknown key than a collision or
preimage for an unkeyed hash, so using HMAC(H(m)) allows for an avenue
of attack that HMAC(m) would not, namely finding
On 11/02/2011 06:13 PM, Jon Callas wrote:
I think I understand where you're going. However, in the general case, as
Marsh and Greg have pointed out, there are length issues, etc. that you'd
want to at the very least hash the length + the message. Very likely more
tweaks are needed, too.
Hi List!
I was wondering if anybody could give me some pointers as to papers or
books that discuss the advantages/disadvantages of computing an HMAC of
a message versus previously computing a hash of the message and then
calculating the HMAC of the hash.
My initial thoughts are that there isn't
On Wed, Nov 02, 2011 at 04:25:30PM -0300, Leandro Meiners wrote:
Hi List!
I was wondering if anybody could give me some pointers as to papers or
books that discuss the advantages/disadvantages of computing an HMAC of
a message versus previously computing a hash of the message and then
On 11/02/2011 02:33 PM, Jack Lloyd wrote:
It seems like it would be harder (or at least not easier) to find a
collision or preimage for HMAC with an unknown key than a collision or
preimage for an unkeyed hash, so using HMAC(H(m)) allows for an avenue
of attack that HMAC(m) would not, namely
On 2011 Nov 2, at 12:25 , Leandro Meiners wrote:
Hi List!
I was wondering if anybody could give me some pointers as to papers or
books that discuss the advantages/disadvantages of computing an HMAC of
a message versus previously computing a hash of the message and then
calculating the
On Nov 2, 2011, at 12:59 PM, Leandro Meiners wrote:
I thought of that, but I could not convince myself because it seems to
depend on the particular application.
For example, lets assume the following scenario: m is a message that it
authenticated by the HMAC.
For example, in the
