Security
The cryptographic strength of the HMAC depends upon the size of the secret key that is used. The most common attack against HMACs is brute force to uncover the secret key. HMACs are substantially less affected by collisions than their underlying hashing algorithms alone. Therefore, HMAC-MD5 does not suffer from the same weaknesses that have been found in MD5.
In 2006, Jongsung Kim, Alex Biryukov, Bart Preneel, and Seokhie Hong showed how to distinguish HMAC with reduced versions of MD5 and SHA-1 or full versions of HAVAL, MD4, and SHA-0 from a random function or HMAC with a random function. Differential distinguishers allow an attacker to devise a forgery attack on HMAC. Furthermore, differential and rectangle distinguishers can lead to second-preimage attacks. HMAC with the full version of MD4 can be forged with this knowledge. These attacks do not contradict the security proof of HMAC, but provide insight into HMAC based on existing cryptographic hash functions.
At least theoretically a timing attack could be performed to find out a HMAC digit by digit.
Read more about this topic: Hash-based Message Authentication Code
Famous quotes containing the word security:
“The reins of government have been so long slackened, that I fear the people will not quietly submit to those restraints which are necessary for the peace and security of the community.”
—Abigail Adams (1744–1818)
“We now in the United States have more security guards for the rich than we have police services for the poor districts. If you’re looking for personal security, far better to move to the suburbs than to pay taxes in New York.”
—John Kenneth Galbraith (b. 1908)
“Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.”
—James Madison (1751–1836)