Another look at HMAC

HMAC is the most widely-deployed cryptographic-hash-function-based message authentication code. First, we describe a security issue that arises because of inconsistencies in the standards and the published literature regarding keylength. We prove a separation result between two versions of HMAC, whi...

Full description

Saved in:
Bibliographic Details
Published in:Journal of mathematical cryptology 2013-10, Vol.7 (3), p.225-251
Main Authors: Koblitz, Neal, Menezes, Alfred
Format: Article
Language:English
Subjects:
hmac
message authentication code
nmac
provable security
Citations: Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:HMAC is the most widely-deployed cryptographic-hash-function-based message authentication code. First, we describe a security issue that arises because of inconsistencies in the standards and the published literature regarding keylength. We prove a separation result between two versions of HMAC, which we denote [Image omitted] (the FIPS version standardized by NIST), while provably secure (in the single-user setting), succumbs to a practical attack in the multi-user setting. Third, we describe a fundamental defect from a practice-oriented standpoint in Bellare's 2006 security result for HMAC, and show that because of this defect his proof gives a security guarantee that is of little value in practice. We give a new proof of NMAC security that gives a stronger result for NMAC and HMAC and we discuss why even this stronger result by itself fails to give convincing assurance of HMAC security. [PUBLICATION ABSTRACT]
ISSN:1862-2976
1862-2984
DOI:10.1515/jmc-2013-5004