Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash
Collisions
Dr Scott Contini
Macquarie University
We analyze the security of HMAC and NMAC, both of which are
hash-based message authentication codes. We present distinguishing,
forgery, and partial key recovery attacks on HMAC and NMAC using collisions
of MD4, MD5, SHA-0, and reduced SHA-1. Our results demonstrate that the
strength
of a cryptographic scheme can be greatly weakened by the insecurity of the
underlying hash function.
This is joint work with Yiqun Lisa Yin.