[OPSEC] 2006 Paper on HMAC MD5/SHA attacks
RJ Atkinson <rja@extremenetworks.com> Mon, 05 January 2009 14:54 UTC
Date: Mon, 05 Jan 2009 09:53:40 -0500
From: RJ Atkinson <rja@extremenetworks.com>
To: opsec@ietf.org
Message-id: <40937CD0-A3E4-453C-9756-CCFBBCFFE12C@extremenetworks.com>
References: <45c8c21a0901050600n9ab3ae4l81e1abc146035b83@mail.gmail.com>
Subject: [OPSEC] 2006 Paper on HMAC MD5/SHA attacks
> http://eprint.iacr.org/2006/319.pdf

Rich Graveman shared the above URL with me just now. I encourage everyone to read the original document. This is the extended version of a paper that appeared in Asiacrypt 2006.[1]

The abstract from the paper reads:

    In this paper we analyze the security of HMAC and NMAC, both of which are hash-based message authentication codes. We present distinguishing, forgery, and partial key recovery attacks on HMAC and NMAC using collisions of MD4, MD5, SHA-0, and reduced SHA-1. Our results demonstrate that the strength of a cryptographic scheme can be greatly weakened by the insecurity of the underlying hash function.

Note that as this paper is a refereed research paper, it uses terms more precisely than the IETF sometimes does. In particular, the word "attack" has a precise meaning that a function has less cryptographic strength than previously expected, not that the function has zero strength. For example, please see Table 1, which characterises the work required, O(number of compute operations), to execute a particular kind of attack for a particular construction and hash function.

Please also see Section 1.4 of the paper, which says in part:

    The attacks presented in this paper do not imply any immediate practical threat to implementations of HMAC-MD5 or HMAC-SHA1. However, our attacks on HMAC-MD4 may not be out of range of some adversaries, and therefore it should no longer be used in practice.

Kindly note that the paper does not analyse the Keyed-Hash mode of operation for any algorithm.

I am continuing to scout the published literature to see what else might be relevant. As I find other papers, I'll try to share either URLs or formal citations for them here.

Cheers,

Ran
rja@extremenetworks.com

[1] http://eprint.iacr.org/2006/319

_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://www.ietf.org/mailman/listinfo/opsec
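The message above distinguishes the HMAC construction analysed in the paper from the "Keyed-Hash mode of operation" that the paper does not cover. The following is an added example (not code from the post, the paper, or any IETF document) that builds HMAC exactly as RFC 2104 defines it on top of MD5 and SHA-1, checks the result against the RFC 2202 test vectors and Python's standard library, and computes the simpler keyed-hash MAC alongside it so the two constructions can be compared on the same key and message. It assumes that "Keyed-Hash mode" means the append-the-secret style MAC H(message || key) used by protocols such as OSPFv2; that reading is the example's own assumption, not something the post states.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC as specified in RFC 2104:
         HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m))
    where K' is the key hashed down if longer than the block size and
    zero-padded up to the block size.  Written out explicitly so the
    construction the paper analyses is visible rather than hidden in a library call."""
    h = getattr(hashlib, hash_name)
    block_size = h().block_size  # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block_size:
        key = h(key).digest()      # RFC 2104 step: long keys are hashed first
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = h(ipad + msg).digest()
    return h(opad + inner).digest()


def keyed_hash_append(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """Assumed 'Keyed-Hash mode': a single hash over message || key.
    This is the OSPFv2-style keyed MD5, which the 2006 paper does not analyse;
    it is a different construction from HMAC and has different properties."""
    return getattr(hashlib, hash_name)(msg + key).digest()


def matches_stdlib(key: bytes, msg: bytes, hash_name: str) -> bool:
    """Cross-check the hand-written HMAC against Python's hmac module.
    compare_digest avoids a timing side channel, the same way a verifier should."""
    reference = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name), reference)


def constructions_differ(key: bytes, msg: bytes, hash_name: str) -> bool:
    """True when HMAC and the keyed-hash mode give different tags for the same inputs,
    which is why results about one cannot be transferred to the other without analysis."""
    return hmac_rfc2104(key, msg, hash_name) != keyed_hash_append(key, msg, hash_name)


if __name__ == "__main__":
    # Constructed demo inputs: RFC 2202 test case 2 (key "Jefe") plus a key longer
    # than the hash block size to exercise the key-hashing step.
    cases = [
        (b"\x0b" * 16, b"Hi There"),
        (b"Jefe", b"what do ya want for nothing?"),
        (b"\xaa" * 80, b"Test Using Larger Than Block-Size Key - Hash Key First"),
    ]
    for key, msg in cases:
        for name in ("md5", "sha1"):
            print(f"{name:4} HMAC       {hmac_rfc2104(key, msg, name).hex()}")
            print(f"{name:4} keyed-hash {keyed_hash_append(key, msg, name).hex()}")
            print(f"{name:4} stdlib agrees: {matches_stdlib(key, msg, name)}")
```

The RFC 2202 vectors used in the test are the standard conformance values for HMAC-MD5 and HMAC-SHA1; a deployment whose MAC code fails them is not computing HMAC, whatever it is called in its configuration, and the paper's Table 1 figures would not describe it.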