[cryptography] HMAC over messages digest vs messages

Sampo Syreeni decoy at iki.fi
Mon Nov 7 13:35:58 EST 2011


On 2011-11-02, Jack Lloyd wrote:

> It seems like it would be harder (or at least not easier) to find a 
> collision or preimage for HMAC with an unknown key than a collision or 
> preimage for an unkeyed hash, so using HMAC(H(m)) allows for an avenue 
> of attack that HMAC(m) would not, namely finding an inner collision 
> (or preimage) on H.

Agreed, and in general this seems like yet another version of the 
"repeated crypto is automatically safer" fallacy. That has already been 
discussed in the past, more than one time.
-- 
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2



More information about the cryptography mailing list