2: echo -n "salt" | cat file - | sha256sum (or "cat - file" if it's a prefix salt) vs 3: I do not know how to do this in bash. Oh OpenSSL: openssl dgst -sha256 -hmac "key" file But most will look for a website to do it for them… shit first search result also does HMAC.
The answer is right there in your break-down. The tweet contains output, nothing more. 1st: How do you get from the output to inner? 2nd: let's say you somehow got inner, how do you collide both hashes that have related prefixes? and output hash is *severely* constrained.
-
-
You're describing a preimage you also can't do that with MD5.
-
Right, MD5 is still pre-image resistant, which is a big part of what makes HMAC_MD5 better than MD5. If I tweet MD5(file || salt), someone can craft a collision and claim that's the input. Not so with HMAC_MD5. Disclaimer: MD5 for illustration purposes only. Use SHA2!
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
+ salt).