Security Basics mailing list archives
Re: HMAC vs hash+salt
From: Alexander Klimov <alserkli () inbox ru>
Date: Sun, 15 Jan 2006 12:33:53 +0200 (IST)
On Wed, 11 Jan 2006 vdhieu84 () gmail com wrote:
I don't really understand the advantage of HMAC over hash+salt As my understand, MAC is a function of 3 inputs: - authentication scheme - key - message As in HMAC, the authentication scheme is hash1(key XOR opad + hash2(key XOR ipad + message)) In hash+salt, if we consider salt is key then authentication scheme is hash1(hash2(message)+salt) So the only difference is the authentication scheme. In this case, HMAC is more complicated than hash+salt. However, what I don't understand is what is the weaknesses of hash+salt? Why HMAC is preferable to use?
To get any meaningful answer you have to specify what you are actually doing and what are the possible attacks you care about. MAC is designed to protect a message agains modifications by somebody who does not know the key. For this HMAC is better than your scheme because it requires less from the hash algorithms: If there are *known* messages AAA and ABA, such that hash2(AAA) = hash2(ABA), then an attacker can replace AAA with ABA and reuse your `MAC'. OTOH with the real HMAC the attacker needs a collision with partially *unknown* messages: hash2(secret + AAA) = hash2(secret + ABA). See also, M. Bellare, R. Canetti, and H. Krawczyk, ``Keying hash functions for message authentication,'' <http://www-cse.ucsd.edu/users/mihir/papers/kmd5.pdf> -- Regards, ASK --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- HMAC vs hash+salt vdhieu84 (Jan 11)
- Re: HMAC vs hash+salt Alexander Klimov (Jan 17)