Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Jul 2012 07:58:55 +0200
From: Frank Dittrich <>
Subject: Re: mscash2 / hmac-md5 ambiguity

On 07/27/2012 06:58 AM, Frank Dittrich wrote:
> On 07/27/2012 12:57 AM, Alexander Cherepanov wrote:
>> One solution is to add to hmac-md5 hashes some prefix like $HMAC-MD5$ or
>> {HMAC-MD5}. BTW why there is none now?
> Because for hmac-md5 *any* input is valid, you don't know if a hash is
> prefixed, of if "{HMAC-MD5}" just happens to be the begin of an
> unprefixed string, so you'd have to convert it to "{HMAC-MD5}{HMAC-MD5}"

What would work is if you change the sequence.

Instead of
we use
or something similar.
That way the first part is always fixed, and the variable part comes at
the end.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ