by homedog 4899 days ago
Basically, they use CBC-MAC to verify the integrity of their script sources. This is pretty bad because a MAC is not resistant to collisions, and given the original key, it's trivial to generate alternate data that gives the same output. A better approach would be an HMAC, using something like SHA1. Doing so makes it much more difficult to perform this type of attack.

Wait, what? An HMAC is a MAC -- just one that happens to be constructed from a hash function in a particular way.
This is just nitpicking. I did not say HMACs were not MACs anywhere in my comment.
In a particular way that happens to solve the problem at hand.
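Added example, not part of any comment in this thread: the property under discussion, shown for an integrity check whose key is known to the party supplying the data. The 4-round Feistel cipher is a constructed stand-in for AES so the block runs on the standard library alone, HMAC-SHA256 is swapped in for the SHA1 mentioned above, and the key and script strings are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function (constructed for this example, not a real cipher)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_mac(key, msg):
    # Zero IV; input must be whole blocks (padding left out for brevity).
    if len(msg) % BLOCK:
        raise ValueError("message must be a multiple of the block size")
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = encrypt_block(key, _xor(state, msg[i:i + BLOCK]))
    return state

def collide(key, target_tag, prefix):
    # Whoever holds the key can run the cipher backwards: choose the last
    # block so that E(state XOR last) lands exactly on target_tag.
    state = cbc_mac(key, prefix)
    return prefix + _xor(decrypt_block(key, target_tag), state)

KEY = b"constructed-key!"                                   # sample value
ORIGINAL = b"console.log('original script');".ljust(48)     # sample value
MODIFIED = b"console.log('modified script');".ljust(48)     # sample value

def demo():
    tag = cbc_mac(KEY, ORIGINAL)
    other = collide(KEY, tag, MODIFIED)
    cbc_same = other != ORIGINAL and cbc_mac(KEY, other) == tag
    hmac_same = hmac.compare_digest(
        hmac.new(KEY, other, hashlib.sha256).digest(),
        hmac.new(KEY, ORIGINAL, hashlib.sha256).digest())
    return cbc_same, hmac_same  # (True, False)
```

With HMAC, knowing the key does not help find a second input with the same tag, because that would take a collision or second preimage in the underlying hash.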