SHA-based encryption function in Python

Paul Rubin phr-n2002a at nightsong.com
Wed Apr 24 19:42:17 EDT 2002


Richard Parker <richard at electrophobia.com> writes:
> > How about if I just hash a second time, i.e. H(H(K || x)) or
> > H(K || H(K || X)), rather than coding up the full HMAC machinery?
> 
> H(K1 || H(K2 || X)) is secure.  The key-length equivalent security of this
> construction is given by the length of one key, not both.  This construction
> is essentially HMAC, except that the HMAC construction simplifies the keying
> and makes the key-length equivalent security more obvious by adding a simple
> key-separation technique to derive both keys from a single key.

Do the keys really need to be independent?
How is H(K || (H || 'a' || K || X))?  

I read the HMAC paper years ago and don't remember much, except that
the reasoning given for every detail of HMAC including the magic
constants was fairly elaborate.  Some of the attacks these details were
trying to stop didn't seem practical though.

Given the not-so-hot SHA-OFB encryption that I'm using, I'm mostly
only worried about practical attacks, though I did switch the MAC to
use encrypt-then-MAC since that didn't slow the function down noticeably.

Thanks

Paul
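
The nested construction H(K1 || H(K2 || X)) from the quoted reply, with HMAC's key separation deriving both keys from a single key, as an added example that is not part of the original message. It assumes SHA-1 as H; the function names are hypothetical and the sample key and message are constructed.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 processes input in 64-byte blocks


def derive_keys(key: bytes):
    """HMAC key separation: derive outer key K1 and inner key K2 from one key."""
    if len(key) > BLOCK:
        # Keys longer than one block are hashed down first.
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK, b"\x00")          # zero-pad to a full block
    k1 = bytes(b ^ 0x5C for b in key)        # outer key (opad constant)
    k2 = bytes(b ^ 0x36 for b in key)        # inner key (ipad constant)
    return k1, k2


def nested_mac(k1: bytes, k2: bytes, x: bytes) -> bytes:
    """H(K1 || H(K2 || X)) with H = SHA-1."""
    inner = hashlib.sha1(k2 + x).digest()
    return hashlib.sha1(k1 + inner).digest()


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 expressed as the two-key nested hash plus key separation."""
    k1, k2 = derive_keys(key)
    return nested_mac(k1, k2, msg)


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Check a tag in constant time so the comparison leaks no timing signal."""
    return hmac.compare_digest(hmac_sha1(key, msg), tag)


if __name__ == "__main__":
    key = b"constructed sample key"          # constructed sample input
    msg = b"constructed ciphertext bytes"    # e.g. the ciphertext in encrypt-then-MAC
    tag = hmac_sha1(key, msg)
    # The hand-built nested hash agrees with the standard library's HMAC.
    print(tag.hex(), tag == hmac.new(key, msg, hashlib.sha1).digest())
    print(verify(key, msg + b"!", tag))      # modified message is rejected
```
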


