[cryptography] HMAC over messages digest vs messages

Rose, Greg ggr at qualcomm.com
Wed Nov 2 15:36:48 EDT 2011

On 2011 Nov 2, at 12:25 , Leandro Meiners wrote:

> Hi List!
> I was wondering if anybody could give me some pointers as to papers or
> books that discuss the advantages/disadvantages of computing an HMAC of
> a message versus previously computing a hash of the message and then
> calculating the HMAC of the hash.
> My initial thoughts are that there isn't any additional security
> provided by either method.
> What about calculating the HMAC of the message concatenated to the hash?
> This seems more secure but I have no idea how to prove either statement.
> Any helps is greatly appreciated.
> Cheers,
> Leandro.-

If I have two documents that collide under the hash function, calculating the MAC over the hash of the documents would allow me to substitute one for the other without the MAC changing, even though I don't know the MAC's key. But calculating the MAC directly on the document almost certainly wouldn't collide, nor would an attacker (who doesn't know the key) be able to calculate collisions offline.


More information about the cryptography mailing list