SHA-based encryption function in Python

Paul Rubin phr-n2002a at nightsong.com
Wed Apr 24 08:37:32 EDT 2002


Richard Parker <richard at electrophobia.com> writes:
> >> the secret prefix method to construct a MAC from a hash function, i.e.
> >> MAC(x) = H(K || x).  This method is generally considered to be insecure.
> >> Use the HMAC construction instead....
> 
> The secret prefix method is vulnerable to an "appending" attack.  An
> attacker given a message-MAC pair can compute, without the key, the correct
> MAC for a new message that has the original message as a prefix.  

Ouch!  That is nasty and I'd missed it.  Thanks!

How about if I just hash a second time, i.e. H(H(K || x)) or 
H(K || H(K || X)), rather than coding up the full HMAC machinery?
Although, HMAC in Python using string multiplication instead of loops
might not be so slow.  I'll see if I can code it that way.

> The portions of your code that use H() just as a hash function don't need to
> use HMAC.

Good point.  
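The HMAC construction recommended in the thread, as an added example that is not part of the original post: HMAC-SHA1 written out by hand in Python 3, with key padding done by bytes multiplication and the pad XOR done by `translate()` tables rather than a per-byte loop on each call. The function names and the sample key and message are constructed for illustration; the result is checked against the standard library's `hmac` module.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 processes input in 64-byte blocks


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


# 256-entry tables mapping each byte b to b ^ 0x36 and b ^ 0x5C (the RFC 2104
# pad constants). Built once; translate() then XORs a whole key in one call.
IPAD = bytes(b ^ 0x36 for b in range(256))
OPAD = bytes(b ^ 0x5C for b in range(256))


def prefix_mac(key: bytes, msg: bytes) -> bytes:
    """Secret prefix method H(K || x), the construction the thread warns about."""
    return sha1(key + msg)


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC: H((K ^ opad) || H((K ^ ipad) || x)) with K zero-padded to a block."""
    if len(key) > BLOCK:
        key = sha1(key)                       # keys longer than a block are hashed first
    key = key + b"\x00" * (BLOCK - len(key))  # zero-pad via bytes multiplication
    inner = sha1(key.translate(IPAD) + msg)
    return sha1(key.translate(OPAD) + inner)


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Check a tag in constant time so the comparison leaks no timing signal."""
    return hmac.compare_digest(hmac_sha1(key, msg), tag)


if __name__ == "__main__":
    key = b"constructed-sample-key"           # constructed sample values
    msg = b"amount=100&to=alice"
    tag = hmac_sha1(key, msg)
    print("hand-rolled HMAC :", tag.hex())
    print("stdlib hmac      :", hmac.new(key, msg, hashlib.sha1).hexdigest())
    print("prefix MAC       :", prefix_mac(key, msg).hex())
    print("verify ok        :", verify(key, msg, tag))
    print("verify tampered  :", verify(key, msg + b"&to=mallory", tag))
```

In current Python the standard library already provides this as `hmac.new(key, msg, hashlib.sha1)`, so the hand-written version is only useful for seeing how the two keyed passes fit together.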


