@elwoz @marshray @matthew_d_green @0xabad1dea H(key + message) where H is immune to length extension attacks?
Replying to @bascule
@bascule @marshray @matthew_d_green @0xabad1dea ... so, HMAC minus its length extension defense.
Replying to @elwoz
@elwoz @bascule @matthew_d_green @0xabad1dea @sergeybratus More than that, HMAC reapplies the key material just one block before the output.
Replying to @marshray
@marshray @elwoz @bascule @0xabad1dea @sergeybratus Ugh HMAC.
Replying to @matthew_d_green
@matthew_d_green @marshray @elwoz @bascule @0xabad1dea @sergeybratus Using HMAC with SHA3 is like buying a couch and leaving the plastic on.
Replying to @matthew_d_green
@matthew_d_green @elwoz @bascule @0xabad1dea @sergeybratus You mean Keccak tho. We don't yet know if SHA-3 per se will define that mode.
Replying to @marshray
@marshray @matthew_d_green @elwoz @0xabad1dea @sergeybratus you mean the "squeeze" step that obsoletes HMAC? Isn't that a SHA3 requirement?
Replying to @bascule
@bascule @matthew_d_green @elwoz http://csrc.nist.gov/groups/ST/hash/documents/SHA-3_FR_Notice_Nov02_2007%20-%20more%20readable%20version.pdf … saying NIST asked for hash fns, they may not approve bare SHA-3 as a repl for HMAC.
Replying to @marshray
@marshray @matthew_d_green @elwoz according to the Keccak paper, NIST SP 800-108 is the only standard that relies explicitly on HMAC
Replying to @bascule
@bascule @matthew_d_green @elwoz http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf … What about FIPS 198-1 (HMAC) itself?
@marshray @matthew_d_green @elwoz remains to be seen I guess... but obsolete? ;)
Replying to @bascule
@bascule @matthew_d_green @elwoz Looking at slide 41/60 again it seems the "padded message" length wouldn't include the key.