Join Log in
Score:1
Gregory Magarshak avatar Crypto

What is more secure, HMAC with SHA-1, or with SHA-256 and take a substring?

in flag
Gregory Magarshak

I'm going to guess the latter, but just wanted to ask here.

I want to have a relatively short signature, and my goal is to take a substring of the resulting hash.

214
0 + 5
samuel-lucas6 avatar
bs flag
samuel-lucas6
Duplicate of [HMAC-SHA1 vs HMAC-SHA256](https://crypto.stackexchange.com/questions/15382/hmac-sha1-vs-hmac-sha256) and [HMAC-SHA1 vs HMAC-SHA256 for data storage](https://crypto.stackexchange.com/questions/15960/differences-between-using-hmac-sha1-vs-hmac-sha256-for-data-storage). In sum, use HMAC-SHA-256 because SHA-1 shouldn't be used for any new protocols, but HMAC-SHA-1 [isn't](https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure) broken.
0
Reply
et flag
user93353
HMAC doesn't depend on collision resistance of the hash used, so HMAC-SHA1 isn't insecure. However, as a general practice, it's always better to HMAC-SHA256 for newer implementations
0
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
@samuel-lucas6 Neither directly addresses the substring issue, although it is mentioned in one of the comments in the first question. That said, taking a substring from a well distributed randomized value doesn't alter the strength of the algorithm. Uh, maybe that's the answer :)
1
Reply
forest avatar
vn flag
forest
Are you asking about HMAC-SHA1 with a 160-bit tag vs plain SHA-256 truncated to 160 bits?
0
Reply
Gregory Magarshak avatar
in flag
Gregory Magarshak
yes that's what I meant
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.