
HMAC vs simple MD5 Hash

Tags:

security

md5

hmac

Can anyone point out what the advantage of using HMAC is?

For example, if I have a text T and a key K, I can use either the HMAC-MD5 algorithm or Md5(T + K) to get a signature.

user496949 asked Feb 19 '11 15:02



1 Answers

HMAC is not susceptible to length extension attacks.

md5(T + K) should be fine for most uses unless your adversary is motivated to tamper with your message and has very good computing power. As long as you control T, birthday attacks are not applicable and you only have brute-force attacks. But it is good to be aware of the limitations. If you want to go with this approach you may want to use SHA1(T + K) instead of MD5.

md5(T+K) is certainly better than md5(K+T) where an attacker may append text to your message and generate another valid MAC.

With md5(T+K), the issue is that if an attacker can find a collision with T2 such that md5(T) = md5(T2), then md5(T+K) = md5(T2+K). But this requires a brute-force attack.

Note: I say "as long as you control T", because if changes can be made to T (in such a way that it is not obvious) one can try to generate 2 messages T1 and T2 where T1 can pass for T and md5(T1) = md5(T2). Now this is relatively a lot easier to do (we are talking 2^64 instead of 2^128) and the reason is the so-called Birthday paradox or Birthday attack.

Note: The design of HMAC was motivated to avoid these kinds of extension attacks. There are no known attacks against HMAC.

Babu Srinivasan answered Oct 04 '22 18:10
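As an added illustration (not part of the question or the answer above), this Python sketch puts the two constructions side by side: md5(T + K), where T is hashed before any key byte is seen, and HMAC-MD5 built from its RFC 2104 definition, where the key is mixed in both before and after the message. The function names and the sample key and message are assumptions made for the example.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 processes input in 64-byte blocks

# Constructed sample values, not from the page.
K = b"constructed-demo-key"
T = b"amount=100&to=alice"

def suffix_md5(t: bytes, k: bytes) -> bytes:
    """The ad hoc signature from the question: md5(T + K)."""
    return hashlib.md5(t + k).digest()

def suffix_md5_resumed(t: bytes, k: bytes) -> bytes:
    """Same tag, computed in two steps to show where the key enters."""
    state = hashlib.md5(t)       # T is absorbed first, with no key involved
    resumed = state.copy()
    resumed.update(k)            # K is only mixed in after T has been hashed
    return resumed.digest()

def hmac_md5_manual(k: bytes, t: bytes) -> bytes:
    """HMAC-MD5 per RFC 2104: H((K ^ opad) || H((K ^ ipad) || T))."""
    if len(k) > BLOCK:           # over-long keys are hashed first
        k = hashlib.md5(k).digest()
    k = k.ljust(BLOCK, b"\x00")  # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.md5(ipad + t).digest()     # keyed block comes before T
    return hashlib.md5(opad + inner).digest()  # and again around the result

def hmac_md5_stdlib(k: bytes, t: bytes) -> bytes:
    """Reference value from the standard library."""
    return hmac.new(k, t, hashlib.md5).digest()

def verify(k: bytes, t: bytes, tag: bytes) -> bool:
    """Recompute the HMAC and compare in constant time."""
    return hmac.compare_digest(hmac_md5_stdlib(k, t), tag)

if __name__ == "__main__":
    print("md5(T+K):", suffix_md5(T, K).hex())
    print("HMAC-MD5:", hmac_md5_manual(K, T).hex())
    print("verifies:", verify(K, T, hmac_md5_manual(K, T)))
```

In practice, call `hmac.new` and `hmac.compare_digest` directly; the manual version is only there to show the nested structure.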