SHA-based encryption function in Python
Richard Parker
richard at electrophobia.com
Wed Apr 24 22:13:36 EDT 2002
Paul Rubin at phr-n2002a at nightsong.com wrote on 4/24/02 4:42 PM:
> Do the keys really need to be independent?
As I recall, it was essential to the HMAC proof of security that the keys be
independent. I don't know if is possible to prove HMAC secure with
dependent keys, but it would almost certainly require stronger assumptions
about the underlying hash function.
> How is H(K || (H || 'a' || K || X))?
I am concerned about it. You're basically using HMAC with a weaker
pseudorandom key derivation. If you absolutely can not use the xor of ipad
and opad, make sure you use a key derivation for both K1 and K2. Perhaps
the following:
H(c1 || K || H(c2 || K || x))
I strongly recommend you just use HMAC, rather than inventing your own MAC
construction.
-Richard
More information about the Python-list
mailing list