Is Using HMAC-SHA256(key, counter) For Providing Pad Only Vulnerable To Bruteforce?

whatamnotsaying

8/6/23, 8:43 PM

ciphertext1 = hmac-sha256(key, counter1) ⊕ (plaintext1 with plaintext1 sha1 hash)
ciphertext2 = hmac-sha256(key, counter2) ⊕ (plaintext2 with plaintext2 sha1 hash)
ciphertext3 = hmac-sha256(key ,counter3) ⊕ (plaintext3 with plaintext3 sha1 hash)
.
.
.

Note: counterN is increasing while (plaintextN with plaintextN sha1 hash) is longer than hmac-sha256(key, counterN). So it is a while function to continue hmac-sha256 with increased counters

Lets say Eve know counters and ciphertexts. Can Eve do anything other than bruteforce to find key? Is hiding counter from Eve necessary? Or can Eve break this cipher without key? What is the usage limit of this algorithm to continue use same key for hmac-sha256?

Note-2: I am not cryptographer. It is just curiosity

Note-3: key length is 256 bit

0 + 0

hmac

ctr

kelalaka

8/6/23, 8:57 PM

Why do you encrypt with HMAC? it will be way slower than using KMAC or BLAKE2b as keyed MAC... you just seem to use HMAC as CTR mode. Instead, you can use [Hash this way](https://crypto.stackexchange.com/q/1656/18298)

whatamnotsaying

8/6/23, 9:18 PM

Yes it seems like you are right about speed. And of course in link the part of "AES has been far more extensively analyzed" is confusing. But also this part is clearly right. I think i should study on BLAKE or KMAC. Thank you!

Maarten Bodewes

8/6/23, 9:44 PM

I would not use SHA-1 this way. If an attacker knows the plaintext and hash they could perform a bit flip attack. So I guess the answer is no. You could replace the SHA-1 with a HMAC over the counter + ciphertext instead. I'm also not sure that the algorithm is described well, due to the counter being used both as nonce and to encrypt more of the message, but that's more of a problem with the description than the cipher I suppose.

whatamnotsaying

8/6/23, 10:05 PM

Yes... You are right. So i can say "hmac-sha256(key, counter) ⊕ (plaintext with hmac-sha1(plaintext, maybe_another_key))" right? And probably i didn't describe well but i don't know where did i make confusing description... If "with" part is confusing i mean put space between plaintext and hmac-sha1 result then xor it with hmac-sha256 result

whatamnotsaying

8/7/23, 2:23 AM

I am stupid :p "hmac-sha1(plaintext, maybe_another_key)" part is unnecessary. And i decided to use this: "ciphertext1 = blake3(counter, key) ⊕ plaintext" and "hash = blake3(ciphertext1, another_key)" send ciphertext1 and hash. Thank you Maarten and kelalaka. I think i did now true isn't it? (sorry for bothering)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is Using HMAC-SHA256(key, counter) For Providing Pad Only Vulnerable To Bruteforce?

TH: การใช้ HMAC-SHA256(คีย์, ตัวนับ) สำหรับการจัดหาแพดเท่านั้นที่เสี่ยงต่อ Bruteforce หรือไม่

RO: Utilizarea HMAC-SHA256(cheie, contor) pentru furnizarea de pad numai este vulnerabilă la Bruteforce?

RU: Является ли использование HMAC-SHA256 (ключ, счетчик) только для предоставления пэда уязвимым для брутфорса?

VI: Việc sử dụng HMAC-SHA256(key, counter) để chỉ cung cấp Pad có dễ bị tấn công bởi Bruteforce không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.