[cryptography] HMAC over messages digest vs messages
decoy at iki.fi
Mon Nov 7 13:35:58 EST 2011
On 2011-11-02, Jack Lloyd wrote:
> It seems like it would be harder (or at least not easier) to find a
> collision or preimage for HMAC with an unknown key than a collision or
> preimage for an unkeyed hash, so using HMAC(H(m)) allows for an avenue
> of attack that HMAC(m) would not, namely finding an inner collision
> (or preimage) on H.
Agreed, and in general this seems like yet another version of the
"repeated crypto is automatically safer" fallacy. That has already been
discussed in the past, more than one time.
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
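
Added example, not part of the original message: a small Python sketch of the inner-collision point raised in the quoted text. The hash H is a constructed stand-in (SHA-256 truncated to 24 bits) for a hash whose collision resistance has failed; the key, message format and function names are assumptions made for the illustration. HMAC itself uses full SHA-256, so the only weakness is in H.

```python
import hashlib
import hmac
import itertools

TRUNC_BYTES = 3  # constructed weakness: H keeps only 24 bits of SHA-256


def weak_h(m: bytes) -> bytes:
    """Toy stand-in for an unkeyed hash H with broken collision resistance."""
    return hashlib.sha256(m).digest()[:TRUNC_BYTES]


def find_collision():
    """Birthday search on H alone; the MAC key is never needed."""
    seen = {}
    for i in itertools.count():
        m = b"invoice #%d" % i  # constructed sample messages
        d = weak_h(m)
        if d in seen:
            return seen[d], m
        seen[d] = m


def mac_of_digest(key: bytes, m: bytes) -> bytes:
    """HMAC(K, H(m)): only the unkeyed digest reaches the keyed function."""
    return hmac.new(key, weak_h(m), hashlib.sha256).digest()


def mac_of_message(key: bytes, m: bytes) -> bytes:
    """HMAC(K, m): the message itself goes through the keyed function."""
    return hmac.new(key, m, hashlib.sha256).digest()


def demo(key: bytes = b"constructed demo key"):
    """Compare both constructions on a pair of messages that collide under H."""
    m1, m2 = find_collision()
    same_digest_mac = hmac.compare_digest(mac_of_digest(key, m1),
                                          mac_of_digest(key, m2))
    same_message_mac = hmac.compare_digest(mac_of_message(key, m1),
                                           mac_of_message(key, m2))
    return m1, m2, same_digest_mac, same_message_mac


if __name__ == "__main__":
    m1, m2, over_digest, over_message = demo()
    print(m1, m2, "HMAC(H(m)) equal:", over_digest,
          "HMAC(m) equal:", over_message)
```

The collision is found without any knowledge of the key, and it carries over to every key under HMAC(H(m)), while HMAC(m) still separates the two messages.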