0

Does this mean that the message is being added onto the hashed(message, tag) ?

m || H(m, "secret")

So the output would be something like:

"RandomMessage"+N8HqKCG01b

NoDirection
  • 69
  • 5

1 Answers1

1

Yes, || means concatenation. If H means HMAC and 'secret' is a secret key then this is secure.

Usually hmac accepts key as first argument and message as second. If this protocols MACs the key using the message instead of MACing the message using the key, I don't know whether that is secure.

If H is a hash instead of a MAC, then this is insecure.

Z.T.
  • 824
  • 7
  • 22
  • H is stated to be a cryptographic hash function so assume could be MAC? – NoDirection Nov 15 '16 at 22:08
  • So in terms of confidentiality, it is not very private as the plain-text 'message' is being exposed during the transmission? – NoDirection Nov 15 '16 at 22:11
  • 1
    @NoDirection This is our normal reference for this. And yes, if you just transmit a plaintext message this triviall provides no privacy. – SEJPM Nov 15 '16 at 22:36
  • @NoDirection if message is transmitted in the clear, there is no confidentiality. If H is a cryptographic hash function, then there is no integrity (you need HMAC for that). – Z.T. Nov 15 '16 at 23:10
  • Apart from integrity, how would a HMAC improve this tag? – NoDirection Nov 15 '16 at 23:35
  • An authentication tag is there to provide integrity and authenticity of the message. Integrity in the sense that the message cannot be (deliberately) changed without a verification error. Authenticity in the sense that the message must have been signed by someone holding the key. – Maarten Bodewes Nov 15 '16 at 23:50
  • @MaartenBodewes So just to clarify the above protocol in question has no confidentiality at all as it sends the message as well as a MAC/HMAC that is used only for authentication/integrity? – NoDirection Nov 19 '16 at 10:59
  • Of course. If you have all the bytes of $m$ how can it provide confidentiality? – Maarten Bodewes Nov 19 '16 at 11:35