Score:0

Is there any good attack model of HMAC?

in flag

Are there any good attack models of HMAC? Like how it can be attacked? If there are any possible attacks of HMAC I would be happy to know about it.

kelalaka avatar
in flag
The Canonical Q/A [Why does HMAC use two different keys?](https://crypto.stackexchange.com/q/15734/18298)
kelalaka avatar
in flag
Brute-force is the only way!
Score:0
vu flag

HMAC as message authentication code should be resistant to existential forgery under chosen message attack, this is known as EUF-CMA.

HMAC as a pseudo-random function should be resistant to distinguishing attack under, again, chosen message attack, which is known as IND-CMA.

I'm quite certain about the MAC part, but I'm not absolutely confident about PRF part. I don't know good references on this, feel free to add to here.

Daniel S avatar
ru flag
Bellare's paper [New proofs for NMAC and HMAC: security without collision resistance](https://eprint.iacr.org/2006/043.pdf) shows that HMAC is a PRF if the compression function (assuming a Merkle-Damaard construction) is a PRF
Score:0
ng flag

Beyond brute force and plain key leak, the only plausible attacks against HMAC are attacks on implementations.

One is: Sonia Belaïd, Luk Bettale, Emmanuelle Dottax, Laurie Genelle, Franck Rondepierre: Differential Power Analysis of HMAC SHA-2 in the Hamming Weight Model, in proceedings of SECRYPT 2013.

Another is a generic key search using fault injection, which finds an $n$-bit MAC key in $n+1$ queries (regardless of algorithm), assuming a device computes and outputs the (H)MAC of a fixed message; that device copies the key from long term storage (e.g. Flash) to RAM sequentially at each MAC computation; and (that's the difficult point) an attacker can replace a bit of their choice(s) with zero during that transfer (e.g. by laser illumination of the right location at the right instant in the execution). To find a key bit, the attacker compares the MAC with and without the replacement.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.