
Can you be a little more specific about the cleverness you're referring to here?



Sure!

HMAC keys are exactly one block long. But let's say an app wants to have a key that's two blocks long. No big deal, hash that app key and now two is one.

Ah, but now let's say the attacker has control of input keys. He can provide both the two block key which HMAC will hash for him, or he can do the work himself and prehash the two into one. Now two different input keys seem to provide the same output (assuming identical messages, of course).

Clever, no likely security impact.
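The key equivalence described in the comment above, as an added example that is not part of the thread: it assumes HMAC-SHA256 (64-byte block), follows the RFC 2104 key preparation step, and uses a constructed key and message. The helper names (`normalize_key`, `manual_hmac`, `require_fixed_length_key`) are hypothetical, and the fixed-length check is one possible guard for applications that need distinct input keys to stay distinct.

```python
import hashlib
import hmac

def normalize_key(key: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 2104 key preparation: hash over-long keys, then zero-pad to one block."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(block_size, b"\x00")

def manual_hmac(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC written out by hand so the key preparation step is visible."""
    k = normalize_key(key, hash_name)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def equivalent_keys(k1: bytes, k2: bytes, hash_name: str = "sha256") -> bool:
    """True when two input keys collapse to the same effective HMAC key."""
    return normalize_key(k1, hash_name) == normalize_key(k2, hash_name)

def require_fixed_length_key(key: bytes, length: int = 32) -> bytes:
    """Hypothetical guard (an assumption, not from the thread): accept only
    keys of one fixed length, so no two accepted keys normalize identically."""
    if len(key) != length:
        raise ValueError(f"key must be exactly {length} bytes, got {len(key)}")
    return key

# Constructed sample values.
LONG_KEY = bytes(range(128))                     # two SHA-256 blocks
PREHASHED_KEY = hashlib.sha256(LONG_KEY).digest()  # the same key, hashed by the caller
MESSAGE = b"constructed sample message"

def demo():
    """Return the library HMAC tags for the long key and its prehashed form."""
    tag_long = hmac.new(LONG_KEY, MESSAGE, hashlib.sha256).digest()
    tag_pre = hmac.new(PREHASHED_KEY, MESSAGE, hashlib.sha256).digest()
    return tag_long, tag_pre

if __name__ == "__main__":
    tag_long, tag_pre = demo()
    print("long key tag     :", tag_long.hex())
    print("prehashed key tag:", tag_pre.hex())
    print("identical        :", hmac.compare_digest(tag_long, tag_pre))
```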


Because of the way HN structures comments, it took me a second to realize this wasn't a reply to my comment. (Or maybe I need glasses.)



