Results 1 -
2 of
2
Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions
- ADVANCES IN CRYPTOLOGY - ASIACRYPT’06, LNCS 4284
, 2006
"... ..."
P.Q.: Full key-recovery attacks on hmac/nmacmd4 and nmac-md5
- CRYPTO 2007. LNCS
, 2007
"... Abstract. At Crypto ’06, Bellare presented new security proofs for HMAC and NMAC, under the assumption that the underlying compression function is a pseudo-random function family. Conversely, at Asiacrypt ’06, Contini and Yin used collision techniques to obtain forgery and partial key-recovery attac ..."
Abstract
-
Cited by 5 (1 self)
- Add to MetaCart
Abstract. At Crypto ’06, Bellare presented new security proofs for HMAC and NMAC, under the assumption that the underlying compression function is a pseudo-random function family. Conversely, at Asiacrypt ’06, Contini and Yin used collision techniques to obtain forgery and partial key-recovery attacks on HMAC and NMAC instantiated with MD4, MD5, SHA-0 and reduced SHA-1. In this paper, we present the first full key-recovery attacks on NMAC and HMAC instantiated with a real-life hash function, namely MD4. Our main result is an attack on HMAC/NMAC-MD4 which recovers the full MAC secret key after roughly 2 88 MAC queries and 2 95 MD4 computations. We also extend the partial key-recovery Contini-Yin attack on NMAC-MD5 (in the relatedkey setting) to a full key-recovery attack. The attacks are based on generalizations of collision attacks to recover a secret IV, using new differential paths for MD4.
