Home page logo
/

basics logo Security Basics mailing list archives

HMAC vs hash+salt
From: vdhieu84 () gmail com
Date: 11 Jan 2006 07:28:05 -0000

I don't really understand the advantage of HMAC over hash+salt

As my understand, MAC is a function of 3 inputs:
 - authentication scheme
 - key
 - message

As in HMAC, the authentication scheme is
   hash1(key XOR opad + hash2(key XOR ipad + message))

In hash+salt, if we consider salt is key then authentication scheme is
   hash1(hash2(message)+salt)

So the only difference is the authentication scheme. In this case, HMAC is more complicated than hash+salt.

However, what I don't understand is what is the weaknesses of hash+salt? Why HMAC is preferable to use?

Thanks

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]