|
|
|
|
|
|
by Genbox
626 days ago
|
|
|
We are saying the same thing. H0 is SHA-1 in your example. The strength of an HMAC depends on the strength of the hash function; however, since it uses two derived keys, the outer hash protects the inner hash (using the same hash function), which in turn provides protection against length extension attacks. The case I was making, is that weakhash(stronghash(m)) has the security of weakhash, no matter how strong stronghash is. |
|
|
I'll have to disagree. There are no known collision attacks against SHA-1(SHA-3(M)), so in the applied case, a combination can be more secure for some properties, even if it isn't in the theoretical case.