Another look at HMAC

Koblitz Neal; Menezes Alfred

doi:10.1515/jmc-2013-5004

Journal of Mathematical Cryptology (Oct 2013)

Another look at HMAC

Koblitz Neal,
Menezes Alfred

Affiliations

Koblitz Neal: Department of Mathematics, University of Washington, Box 354350, Seattle, WA 98195, USA
Menezes Alfred: Department of Combinatorics & Optimization, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada

DOI: https://doi.org/10.1515/jmc-2013-5004
Journal volume & issue: Vol. 7, no. 3
pp. 225 – 251

Abstract

Read online

HMAC is the most widely-deployed cryptographic-hash-function-based message authentication code. First, we describe a security issue that arises because of inconsistencies in the standards and the published literature regarding keylength. We prove a separation result between two versions of HMAC, which we denote and , the former being the real-world version standardized by Bellare et al. in 1997 and the latter being the version described in Bellare's proof of security in his Crypto 2006 paper. Second, we describe how (the FIPS version standardized by NIST), while provably secure (in the single-user setting), succumbs to a practical attack in the multi-user setting. Third, we describe a fundamental defect from a practice-oriented standpoint in Bellare's 2006 security result for HMAC, and show that because of this defect his proof gives a security guarantee that is of little value in practice. We give a new proof of NMAC security that gives a stronger result for NMAC and HMAC and we discuss why even this stronger result by itself fails to give convincing assurance of HMAC security.

Published in Journal of Mathematical Cryptology

ISSN: 1862-2976 (Print); 1862-2984 (Online)
Publisher: De Gruyter
Country of publisher: Poland
LCC subjects: Science: Mathematics
Website: https://www.degruyter.com/view/journals/jmc/jmc-overview.xml

About the journal

Abstract

Keywords