Score:0

Is Using HMAC-SHA256(key, counter) For Providing Pad Only Vulnerable To Bruteforce?

cn flag
ciphertext1 = hmac-sha256(key, counter1) ⊕ (plaintext1 with plaintext1 sha1 hash)
ciphertext2 = hmac-sha256(key, counter2) ⊕ (plaintext2 with plaintext2 sha1 hash)
ciphertext3 = hmac-sha256(key, counter3) ⊕ (plaintext3 with plaintext3 sha1 hash)
.
.
.

Note: counterN keeps increasing while (plaintextN with plaintextN sha1 hash) is longer than hmac-sha256(key, counterN). So it is a while function that continues hmac-sha256 with increased counters.

Let's say Eve knows the counters and ciphertexts. Can Eve do anything other than brute force to find the key? Is hiding the counter from Eve necessary? Or can Eve break this cipher without the key? What is the usage limit of this algorithm when continuing to use the same key for hmac-sha256?

Note-2: I am not a cryptographer. It is just curiosity.

Note-3: The key length is 256 bits.

kelalaka avatar
in flag
Why do you encrypt with HMAC? It will be way slower than using KMAC or BLAKE2b as a keyed MAC... you just seem to use HMAC as CTR mode. Instead, you can use [Hash this way](https://crypto.stackexchange.com/q/1656/18298)
cn flag
Yes, it seems like you are right about speed. And of course, in the link, the part "AES has been far more extensively analyzed" is confusing. But this part is also clearly right. I think I should study BLAKE or KMAC. Thank you!
Maarten Bodewes avatar
in flag
I would not use SHA-1 this way. If an attacker knows the plaintext and hash, they could perform a bit flip attack. So I guess the answer is no. You could replace the SHA-1 with an HMAC over the counter + ciphertext instead. I'm also not sure that the algorithm is described well, due to the counter being used both as nonce and to encrypt more of the message, but that's more of a problem with the description than the cipher, I suppose.
cn flag
Yes... You are right. So I can say "hmac-sha256(key, counter) ⊕ (plaintext with hmac-sha1(plaintext, maybe_another_key))", right? And I probably didn't describe it well, but I don't know where I made the description confusing... If the "with" part is confusing, I mean put a space between the plaintext and the hmac-sha1 result, then xor it with the hmac-sha256 result.
cn flag
I am stupid :p The "hmac-sha1(plaintext, maybe_another_key)" part is unnecessary. And I decided to use this: "ciphertext1 = blake3(counter, key) ⊕ plaintext" and "hash = blake3(ciphertext1, another_key)", and send ciphertext1 and hash. Thank you Maarten and kelalaka. I think I did it right now, didn't I? (sorry for bothering)
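
Added example, not code from the thread or its participants: a Python sketch of the question's pad-plus-SHA-1 layout next to the suggestion above to use an HMAC over counter + ciphertext, showing why the unkeyed hash gives no integrity when the plaintext is known. The 16-byte counter encoding, the separate MAC key, HMAC-SHA256 as the tag function and all function names are assumptions.

```python
import hashlib
import hmac

# Assumption: each message starts at a counter no earlier message has consumed,
# because every 32-byte block of pad uses up one counter value.
def keystream(key, counter, length):
    """Pad built from HMAC-SHA256(key, counter), counter + 1, ... as in the question."""
    out = b""
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_sha1(key, counter, plaintext):
    """Question's layout: pad XOR (plaintext || SHA-1(plaintext))."""
    body = plaintext + hashlib.sha1(plaintext).digest()
    return xor(body, keystream(key, counter, len(body)))

def open_sha1(key, counter, ciphertext):
    body = xor(ciphertext, keystream(key, counter, len(ciphertext)))
    plaintext, digest = body[:-20], body[-20:]
    if not hmac.compare_digest(hashlib.sha1(plaintext).digest(), digest):
        raise ValueError("integrity check failed")
    return plaintext

def rewrite_known(ciphertext, known, wanted):
    """Bit flips that need no key: possible because SHA-1 is unkeyed and the
    plaintext is known, so the XOR difference of both bodies can be computed."""
    delta = xor(known + hashlib.sha1(known).digest(),
                wanted + hashlib.sha1(wanted).digest())
    return xor(ciphertext, delta)

def tag_for(mac_key, counter, ct):
    return hmac.new(mac_key, counter.to_bytes(16, "big") + ct, hashlib.sha256).digest()

def seal_etm(enc_key, mac_key, counter, plaintext):
    """Encrypt-then-MAC: keyed tag over counter || ciphertext."""
    ct = xor(plaintext, keystream(enc_key, counter, len(plaintext)))
    return ct, tag_for(mac_key, counter, ct)

def open_etm(enc_key, mac_key, counter, ct, tag):
    if not hmac.compare_digest(tag_for(mac_key, counter, ct), tag):
        raise ValueError("integrity check failed")  # reject before decrypting
    return xor(ct, keystream(enc_key, counter, len(ct)))
```

With the SHA-1 layout, a modified ciphertext for a known plaintext still passes `open_sha1`; with the keyed tag, the same modification makes `open_etm` raise.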