[cryptography] HMAC over messages digest vs messages

Sampo Syreeni decoy at iki.fi
Mon Nov 7 13:35:58 EST 2011

On 2011-11-02, Jack Lloyd wrote:

> It seems like it would be harder (or at least not easier) to find a 
> collision or preimage for HMAC with an unknown key than a collision or 
> preimage for an unkeyed hash, so using HMAC(H(m)) allows for an avenue 
> of attack that HMAC(m) would not, namely finding an inner collision 
> (or preimage) on H.

Agreed, and in general this seems like yet another version of the 
"repeated crypto is automatically safer" fallacy. That has already been 
discussed in the past, more than one time.
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
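
Added example, not part of the original post: a sketch of the inner-collision point quoted above, showing that a collision on H carries straight through HMAC(H(m)) for any key, while HMAC(m) still separates the two messages. It assumes a constructed stand-in for a collision-prone H (SHA-256 truncated to 16 bits, here called weak_h) and HMAC-SHA256 as the MAC; the key and message strings are constructed.

```python
import hashlib
import hmac

TRUNC_BYTES = 2  # constructed weakness: keep 16 bits so a collision is quick to find


def weak_h(msg: bytes) -> bytes:
    """Stand-in for a hash H with findable collisions (truncated SHA-256)."""
    return hashlib.sha256(msg).digest()[:TRUNC_BYTES]


def find_inner_collision():
    """Birthday search on H alone; the MAC key plays no part in it."""
    seen = {}
    i = 0
    while True:
        m = b"invoice-%d" % i  # constructed sample messages
        d = weak_h(m)
        if d in seen:
            return seen[d], m
        seen[d] = m
        i += 1


def mac_over_digest(key: bytes, msg: bytes) -> bytes:
    """HMAC(H(m)): the MAC only ever sees the unkeyed digest."""
    return hmac.new(key, weak_h(msg), hashlib.sha256).digest()


def mac_over_message(key: bytes, msg: bytes) -> bytes:
    """HMAC(m): the key is mixed in before any compression of m."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def demo(key: bytes = b"constructed-demo-key") -> dict:
    m1, m2 = find_inner_collision()
    return {
        "m1": m1,
        "m2": m2,
        # Equal for every key, because weak_h(m1) == weak_h(m2).
        "digest_tags_equal": hmac.compare_digest(
            mac_over_digest(key, m1), mac_over_digest(key, m2)),
        # Distinct inputs to HMAC-SHA256, so the tags differ.
        "message_tags_equal": hmac.compare_digest(
            mac_over_message(key, m1), mac_over_message(key, m2)),
    }


if __name__ == "__main__":
    print(demo())
```

With a real hash the search is not feasible at this cost; the truncation only makes the structural dependence on H visible.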
