Security Basics mailing list archives
HMAC vs hash+salt
From: vdhieu84 () gmail com
Date: 11 Jan 2006 07:28:05 -0000
I don't really understand the advantage of HMAC over hash+salt As my understand, MAC is a function of 3 inputs: - authentication scheme - key - message As in HMAC, the authentication scheme is hash1(key XOR opad + hash2(key XOR ipad + message)) In hash+salt, if we consider salt is key then authentication scheme is hash1(hash2(message)+salt) So the only difference is the authentication scheme. In this case, HMAC is more complicated than hash+salt. However, what I don't understand is what is the weaknesses of hash+salt? Why HMAC is preferable to use? Thanks --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- HMAC vs hash+salt vdhieu84 (Jan 11)
- Re: HMAC vs hash+salt Alexander Klimov (Jan 17)