Menu
I am wondering whether I can use a shared secret key established between two clients as the HMAC key too.
I saw that there is a problem when it is used as a CBC-MAC but I haven't found any evidence it is bad practice for HMACs.
Thanks, Vladimir
333
When two parties exchange messages through those secure file transfer protocols, those messages will be accompanied by HMACs instead of plain hashes. An HMAC employs both a hash function and a shared secret key. A shared secret key provides exchanging parties a way to establish the authenticity of the message.
(An HMAC key is also a symmetric key, but it's used for signing, not encryption.) A typical symmetric-key algorithm is the Advanced Encryption Standard (AES).
No. HMAC-SHA1 is very different from AES encryption. HMAC-SHA1 is not an encryption algorithm.
4. Because HMAC is a deterministic MAC (it always produces the same output when run multiple times with the same input), we were able to look up a domain name using its HMAC value. There are also randomized MACs, that output a different tag every time, even when given the same input.
I believe it is currently in the category of "seems probably OK, but why take the risk?".
Best practice is to have each side generate two new keys from the shared secret key:
encryption-key := HMAC(shared-key, "Encryption Nonce")
hmac-key := HMAC(shared-key, "Authenticity Nonce")
As caf eluded to. One of the correct ways to do this is to hash the shared-secret-key with some extra data.
For Example:
enc-key = HASH(shared-key || 1)
hmac-key = HASH(share-key || 2)
This has the benefit of not needing to transfer 2 extra nonces as well as being easy to implement.
I would NOT use the same key in different functions (enc + hmac). That is asking for trouble and a bad idea.
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
