Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [hmac]

HMAC is a method for constructing a message authentication code based on a cryptographic hash function.

HMAC (Hash-based Message Authentication Code) is a method constructing a message authentication code based on a cryptographic hash function. The HMAC construction was published in 1996 by Mihir Bellare, Ran Canetti and Hugo Krawczyk. It is standardized in RFC 2104.

The HMAC construction can be used with any cryptograåhic hash function. Common examples include HMAC-SHA1, HMAC-SHA-256 and, in older use, HMAC-MD5.

HMAC can be proven to be secure as long as the hash function satisfies some rather mild security assumptions. In the original 1996 paper the security of HMAC was proven based on the assumption that the hash is a "weakly collision resistant" iterated hash function and that its compression function is a pseudo-random function (PRF).

In 2006 Mihir Bellare published a new security proof of HMAC based solely on the assumption that the compression function is a PRF or, alternatively, that the hash is "computationally almost universal" and that the compression function is a privacy-preserving MAC. In particular, the new proof shows that, despite the practical collision attacks known against the MD5 hash function, the HMAC-MD5 construction remains secure (at least as long as no new attacks are discovered).

624 questions
7
votes
2 answers

Is there a null HMAC?

I came up with this question while unit testing a function that includes an HMAC. What is the expected behavior of an HMAC with a well-defined key and a set of data with no elements in it? Is there such a concept as a "null HMAC"? For…
JohnDvorak
  • 402
  • 4
  • 14
6
votes
2 answers

Is my HMAC secure if I have a complete series of HMAC'd prefix strings

Let's say I have a long sentence, like "The quick brown fox jumped over the lazy dog." Let's further say that I need to keep this string encrypted, so I use an HMAC. Let's further further say I want to be able to do prefix searches for this string,…
Brandon Yarbrough
  • 163
  • 4
5
votes
1 answer

Brute forcing an HMAC

Given current technology such as GPUs and GPU cracking software I was wondering if anyone has an idea on how long it would take to brute force the key used to derive an HMAC?
hobeau
  • 823
  • 1
  • 9
  • 11
5
votes
1 answer

Do I understand HMAC-SHA-xxx and HMAC-SHA-xxx-yyy correctly?

I've recently started looking at HMAC, and there a few things that I'm not 100% sure that I'm understanding correctly. Am I right about these three things? HMAC-SHA-xxx has an output length of xxx bits HMAC-SHA-xxx-yyy has an output length of yyy…
Jan
  • 53
  • 3
5
votes
3 answers

Security implications of the key padding in HMAC

I just learned HMAC in class. Keys are zero-padded in HMAC hashing function. 10 and 1 will be both transformed into the same final key (e.g. 1000). Isn't that a problem?
lyfeng
  • 53
  • 5
4
votes
2 answers

HMAC does it matter if I chose the cipher text or the plain text as the message?

I am using HMAC to create a message authentication code. My question is, does it matter if I use cipher text + encryption key or plain text + encryption key? I had a look at a implementation and as far as I can see they just concatenate the values…
pesdfa
  • 43
  • 3
4
votes
2 answers

Use HMAC or encryption for deep links?

On a few occasions I've converted URLs with authentication via a session cookie to deep link URL's with no cookie authentication. These are URL's with simple id's like /download/pdf/1. I convert them to deep links either by appending a HMAC of the…
Erik van Velzen
  • 143
  • 4
4
votes
1 answer

can we use two different hash functions in single hmac?

Can we use two different hash functions in single hmac..for ex' for inner layer hash function md5 and for outer layer hash function sha1
Sahal Naz
  • 41
  • 1
4
votes
1 answer

Is there any good reason to chain HMACs in this manner?

I am looking at some decompiled Java code from an Android app. As a security measure, a signature is passed as a parameter to a number of JSON requests. The method that generates the signature is as so: private String getSignature(String s, String…
Cybergibbons
  • 293
  • 1
  • 7
3
votes
2 answers

Case insensitive verification of HMAC / Base64 signature

I am signing a short message using the base64 of an HMAC, like this (python): import hashlib import hmac import base64 raw = hmac.new("key", msg="secret", digestmod=hashlib.sha1).digest() base64.urlsafe_b64encode(raw) That last line returns…
Graham King
  • 133
  • 4
3
votes
2 answers

Why isn't this HMAC construction/check secure?

A MAC is calculated the following way: mac = sha1(secret || m)[0:8] [0:8] denotes taking the first 8 characters from the resulting hash. The length of the secret is unknown. Users (and potential attackers) can check the validity of a particular MAC…
netik
  • 133
  • 4
3
votes
1 answer

Length of truncated HMAC output

RFC 2104 says: Applications of HMAC can choose to truncate the output of HMAC by outputting the t leftmost bits of the HMAC computation for some parameter t [...]. We recommend that the output length t be not less than half the length of the hash…
user42529
  • 103
  • 1
  • 5
3
votes
1 answer

Is the mod_auth_tkt scheme secure?

The third-party Apache plugin mod_auth_tkt uses a tragically-not-HMAC construction: digest0 = hash( encode_ip_timestamp(ip, timestamp) + secret + userid + '\0' + tokens + '\0' + user_data).hexdigest() digest = hash(digest0 +…
joeforker
  • 561
  • 5
  • 13
3
votes
1 answer

Using HMAC to secure a "widget"

Let's say I have a web "widget" that a customer could include on their website. They would include the widget by adding an iframe that points to a URL on my site. I want to ensure that my widget can only be used by paying customers so I was thinking…
bmatcuk
  • 133
  • 3
2
votes
0 answers

Why the salt is used as a key in the extract phase of HKDF?

What is the reason that in the HKDF standard (RFC5869), in the "extract" phase, the 'salt" parameter is instantiated as HMAC key, and the secret keying material 'IKM' is instantiated as HMAC input data (so that the extract phase equation is…
Evgeni Vaknin
  • 1,076
  • 7
  • 18
1
2 3