|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Correction: Re: Serious crypto problem fixed by envelope HMAC method insteadof currently used prefix
From: Steve Friedl (steve
unixwiz.net)
Date: Tue Nov 21 2006 - 00:02:13 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Nov 20, 2006 at 01:45:45PM -0500, Omirjan Batyrbaev wrote:
> This would have been a problem if the HMAC was just SHA-1(...) or MD5 (...)
> or similar type of prefix HMAC. However, the HMAC used in TLS is more
> involved construct (see RFC 2104) and the attack is not applicable.
It is indeed more complicated than that, and though one could certainly
look at a boring RFC, it would sure be easier to look at a colorful
technical illustration that shows how HMAC works.
An Illustrated Guide to IPSec
http://www.unixwiz.net/techtips/iguide-ipsec.html#hmac
Steve :-)
---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steveunixwiz.net
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]