0

Is there any practical difference from using HMAC-SHA1(key, msg) vs SHA1(key + msg) as a way to verify the authenticity/integrity of a certain message? Note that the plus sign means string concatenation in this context

Am I losing out on some esoteric detail that the HMAC-SHA1 offers in terms of mathematical immunity to cryptanalysis? Or do both approaches basically do the same thing?

Ive looked through the basic descriptions of both algorithms. And although HMAC-SHA1 seems to do some fancy things with padding and other stuff, I fail to understand any importance. To me both HMAC-SHA1(key, msg) & SHA1(key + msg) carry essentially the same strength/resistance against attacks aside from superficial details

How am I wrong, What am I missing?

AlanSTACK
  • 1,305
  • 2
  • 13
  • 13
  • 1
    @octus At the risk of sounding like a clown, what exactly does the double pipe || in H(k||x) mean? Its definitely not the "given that" | found in probability notation. And quick google search has yielded nothing – AlanSTACK Feb 22 '16 at 07:33
  • It means string concatenation. – otus Feb 22 '16 at 07:36
  • While concatenation is the common usage, in crypto || is often used to mean "mapped injectively into a single string". Now, this might be the same thing, but only if the first parameter does not 'overflow' some designated datatype. A lot of (admittedly rather petty) attacks exist based on the fact when concatenating $A||0B = A0||B$ – Cryptographeur Feb 23 '16 at 11:17

1 Answers1

1

Right off the bat, SHA1(key + msg) is vulnerable to length extension attacks. That is, if I know SHA1(key + msg) I can use that to compute SHA1(key + msg + anything I'd like to add here) without having to know the key.

Gordon Davisson
  • 608
  • 1
  • 4
  • 11