Bugtraq mailing list archives
Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix
From: Steve Friedl <steve () unixwiz net>
Date: Mon, 20 Nov 2006 22:02:13 -0800
On Mon, Nov 20, 2006 at 01:45:45PM -0500, Omirjan Batyrbaev wrote:
> This would have been a problem if the HMAC was just SHA-1(...) or MD5 (...) or a similar type of prefix HMAC. However, the HMAC used in TLS is a more involved construct (see RFC 2104) and the attack is not applicable.

It is indeed more complicated than that, and though one could certainly look at a boring RFC, it would sure be easier to look at a colorful technical illustration that shows how HMAC works.

An Illustrated Guide to IPSec
http://www.unixwiz.net/techtips/iguide-ipsec.html#hmac

Steve :-)

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve () unixwiz net
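
An added example, not part of the original message or of the linked guide: the RFC 2104 construction the thread refers to, written out by hand next to the plain prefix construction and checked against Python's standard `hmac` module. The function names and the sample key and message are assumptions chosen for illustration.

```python
import hashlib
import hmac


def prefix_mac(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """Plain prefix construction H(key || msg): one unkeyed pass over key+msg,
    so the tag is simply the hash's final output."""
    return hashlib.new(hash_name, key + msg).digest()


def rfc2104_hmac(key: bytes, msg: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg))."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5 and SHA-1
    if len(key) > block_size:
        # Keys longer than one block are hashed first.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")  # zero-pad to exactly one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The inner digest never leaves this function; only the outer keyed
    # hash of it is released as the tag.
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(rfc2104_hmac(key, msg, hash_name), tag)


# Constructed sample input (illustrative key and message).
KEY = b"\x0b" * 20
MSG = b"Hi There"

if __name__ == "__main__":
    tag = rfc2104_hmac(KEY, MSG)
    print("prefix  :", prefix_mac(KEY, MSG).hex())
    print("RFC 2104:", tag.hex())
    print("stdlib  :", hmac.new(KEY, MSG, "sha1").hexdigest())
    print("verify  :", verify(KEY, MSG, tag))
```
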