Home page logo
/

basics logo Security Basics mailing list archives

Re: HMAC vs hash+salt
From: Alexander Klimov <alserkli () inbox ru>
Date: Sun, 15 Jan 2006 12:33:53 +0200 (IST)

On Wed, 11 Jan 2006 vdhieu84 () gmail com wrote:
I don't really understand the advantage of HMAC over hash+salt

As my understand, MAC is a function of 3 inputs:
 - authentication scheme
 - key
 - message

As in HMAC, the authentication scheme is
   hash1(key XOR opad + hash2(key XOR ipad + message))

In hash+salt, if we consider salt is key then authentication scheme is
   hash1(hash2(message)+salt)

So the only difference is the authentication scheme. In this case,
HMAC is more complicated than hash+salt.

However, what I don't understand is what is the weaknesses of
hash+salt? Why HMAC is preferable to use?

To get any meaningful answer you have to specify what you are
actually doing and what are the possible attacks you care about.

MAC is designed to protect a message agains modifications by somebody
who does not know the key. For this HMAC is better than your scheme
because it requires less from the hash algorithms: If there are
*known* messages AAA and ABA, such that
  hash2(AAA) = hash2(ABA),
then an attacker can replace AAA with ABA and reuse your `MAC'. OTOH
with the real HMAC the attacker needs a collision with partially
*unknown* messages:
  hash2(secret + AAA) = hash2(secret + ABA).

See also,

  M. Bellare, R. Canetti, and H. Krawczyk,
  ``Keying hash functions for message authentication,''
  <http://www-cse.ucsd.edu/users/mihir/papers/kmd5.pdf>

-- 
Regards,
ASK

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • HMAC vs hash+salt vdhieu84 (Jan 11)
    • Re: HMAC vs hash+salt Alexander Klimov (Jan 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]