10

I am using HMAC (hmac-sha256 to be precise) message authentication without encryption. My question is, is having a short message make it easy to determine what my secret key is?

My C# code is as follows

HMACSHA256 hmacSha256 = new HMACSHA256(new byte[]{0xfa, 0x35, 0x24, ..., 0x5e}); // 64 byte secret key

byte[] authForMessageA = hmacSha256.ComputeHash(new byte[]{0x25}); // very short message
byte[] authForMessageB = hmacSha256.ComputeHash(new byte[]{0x66}); // another message, same key

I am exposing both the message (0x25 and 0x66) along with their authentication hashes to the public, does this make it simple for a hacker to determine my secret key (brute force or otherwise)?

Matthew
  • 247
  • 1
  • 10

1 Answers1

13

No, you are not leaking any information except how to MAC those specific values with the specific key you are using. Using a short message is exactly as secure as using a long message.

For the following, remember the definition HMAC (K,m) = H((K ⊕ opad) || H((K ⊕ ipad) || m)). There are two hashes here, an outer hash and an inner hash nested inside the outer one. The message is inside the inner hash.

Suppose I am an attacker who has your message and MAC result, and I want to derive your key. In order to get your key, I will need to do a brute-force guess. I already know the function H, I know the constants ipad and opad, and I know your message m. I need to try building lots of hashes using different key values until I come up with the right HMAC. The hardness of this task is dependent entirely on the length of K; the length of m is not a factor.

Note, however, that if you are not using a temporary key, then any message/HMAC pairs you give out will be valid for your key, so an attacker could impersonate you in a replay attack for any messages she has seen from you.

apsillers
  • 350
  • 2
  • 10