Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HMAC security - Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?

Tags:

hashcode

cryptography

sha1

cryptographic-hash-function

hmac

Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?

like image 220
Daniel Gartmann Avatar asked Jul 26 '10 11:07

Daniel Gartmann

People also ask

Is HMAC SHA-1 secure?

Description. The remote SSH server is configured to enable SHA-1 HMAC algorithms. Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions.

What is HMAC security?

Hash-based Message Authentication Code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function. Hash-based message authentication code (HMAC) provides the server and the client each with a private key that is known only to that specific server and that specific client.

Is HMAC collision resistant?

HMAC was proved in [4] to be a PRF assuming that (1) the underlying compression function is a PRF, and (2) the iterated hash function is weakly collision-resistant.

Does SHA-1 have collisions?

SHA-1 has been broken in 2005 by a theoretical collision attack. This attack, by Wang, requires expected 2^69 calls to SHA-1's compression function, which to this date is out of reach. In 2017, a practical collision attack on SHA-1 was reported, and the first known instance of a SHA-1 collision was provided.

1 Answers

The security implications of HMAC are described in detail in the security section of the RFC. In a nutshell, a very strong attack indeed is required before the security of the HMAC is threatened; the existing collision attacks on SHA-1 certainly don't constitute such. HMAC is specifically designed to make attacks difficult, and ordinary collision attacks won't generally suffice:

The security of the message authentication mechanism presented here depends on cryptographic properties of the hash function H: the resistance to collision finding (limited to the case where the initial value is secret and random, and where the output of the function is not explicitly available to the attacker), and the message authentication property of the compression function of H when applied to single blocks (in HMAC these blocks are partially unknown to an attacker as they contain the result of the inner H computation and, in particular, cannot be fully chosen by the attacker).

I recommend reading the whole section; it goes into more detail about exactly what attacks would suffice to break an HMAC, and just how much effort would be required.

like image 195
Nick Johnson Avatar answered Nov 02 '22 19:11

Nick Johnson
Sign in to Comment

Related questions

How to encrypt plaintext with AES-256 CBC in PHP using OpenSSL?
Is Python uuid.uuid4 strong enough for password reset links?
Microsoft.IdentityModel: Key not valid for use in specified state
Using an RSA Public Key to decrypt a string that was encrypted using RSA Private Key
What are the important points about cryptographic hash functions?
Does my app use crypting? Firebase
Using public key to verify signature in Node.JS crypto
Is Firebase using cryptography?
Where to store AES key?
Deterministically Generating cryptographically secure keys and IVEC's
Are KeyStore entries lost when the application is uninstalled?
What's the difference between a Key and a KeySpec?
Existing implementations for NIST SP 800-56A Concatenation/Single-Step Key Derivation Function? [closed]
How to compute RSA-SHA1(sha1WithRSAEncryption) value with OpenSSL
Compatible AES encryption and decryption for C# and javascript
disable weak ciphers in SSL connection
How do we convert a String from PEM to DER format
A memory-efficient SHA1 implementation
How does using a salt make a password more secure if it is stored in the database?
End-to-End encryption for a chat application

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!