When, where, and how to use HMAC

This question may seem like a duplicate of some others, namely this one, but even though that question asked when and how to use HMAC, the answers only addressed what HMAC was and why/how it worked.

So, my questions are:

  • When is it appropriate to use HMAC? If I'm encrypting files on my local computer? If I'm encrypting and syncing files to a server? If I'm sending messages to Bob? When is it not needed?
  • Simply, what is the recommended algorithm for generating a HMAC? I've seen the Wikipedia page, which does something strange with padding, and have read about HMACs in 'Practical Cryptography', where it says a and b are "specified constants" without going into detail about the constraints on these constants.
  • The book previously used h(h(m)||m) to prevent length extension attacks, then later defined a different algorithm for HMACs. Why was the former not appropriate for HMAC?

Replay

When is it appropriate to use HMAC? If I'm encrypting files on my local computer? If I'm encrypting and syncing files to a server? If I'm sending messages to Bob? When is it not needed?

Encryption alone only provides confidentiality. Any time you need to be certain of authenticity and integrity of data, you should use an additional construct to achieve that level of security. HMAC is one such construct, but there are others. So, it is appropriate to use HMAC when you need the additional security it provides and when an AEAD mode isn't a better choice (e.g., not available in your library, no hardware support, etc).

Simply, what is the recommended algorithm for generating a HMAC?

The details can be found in FIPS 198-1. They specify: $\operatorname{HMAC}(K, \text{text}) = H((K_0 \oplus \text{opad} )|| H((K_0 \oplus \text{ipad}) || \text{text}))$. For full details, see the spec. It isn't very long.

The book previously used h(h(m)||m) to prevent length extension attacks, then later defined a different algorithm for HMACs. Why was the former not appropriate for HMAC?

The former construction (h(h(m)||m)) has no key, so it isn't really an authentication code. Without a key, anyone can compute it.

Category: algorithm design Time: 2016-07-28 Views: 0

Related post

  • A Study of Symmetry: When, Where, and Why to Use It 2012-12-03

    Finding the proper balance in your designs is an essential part of building quality visual communication. When your design is out of balance, your message gets lost in the confusion. Key elements such as proportion and hierarchy suffer, causing the d

  • When, Where, and How to Unit Test 2012-07-18

    This question already has an answer here: When is it appropriate to not unit test? 13 answers I'm very familiar with xUnit frameworks and I try to implement unit tests on every project I start. Somewhere along the way, I realize that I'm writing the

  • When to (and how to) use CQWP, DVWP with sensitive documents 2011-01-06

    We have a certain need. In a SharePoint site, sensitive documents are collected as attachments to lists that contain business task data. A group needs to see what the disposition of those documents is (ie, where are they now in the processing, etc) w

  • What is this feature doing when I activate it "Publishing Approval Workflow", and how to use it? 2014-03-19

    I am using SharePoint 2013. What is this feature doing when I activate it "Publishing Approval Workflow", and how to use it? --------------Solutions------------- publishing approval workflow is designed specifically for publishing sites where th

  • Where and how are escape quotes stripped when saving a taxonomy terms which include comas or quotes? 2013-12-12

    in taxonomy_autocomplete: https://api.drupal.org/api/drupal/modules!taxonomy!taxonomy.pages.inc/function/taxonomy_autocomplete/6 we have the following code: // Commas and quotes in terms are special cases, so encode 'em. if (strpos($tag->name, ',') !

  • Where and how are sharepoint list stored in sharepoint apps 2014-02-08

    Sharepoint Apps, can be installed in multiple site collections. According to everything I have read about apps, sharepoint apps are isolated from the sharepoint environment and I can completely understand that. Chris O Brien says this: If you're gett

  • Where and how should one announce their new open source application 2015-06-16

    Where and how should someone announce an open source application they would like the wider public to try? Obviously they can post their code somewhere like Github. There used to be Freshmeat, which has been closed down and superseded, possibly becaus

  • Where and how to define variables for URLs etc 2015-12-01

    I have one online version of a site, and one developer version which I am working and making changes on. If I have a form with a url which the user will be redirected to: <input type="hidden" name="cancelurl" value="https://myt

  • Observables and how to use them correctly in Angular2 2016-02-15

    So I had a question answered yesterday, and I feel like I was copying code and not fully understanding what I was doing until I started diving down deep into Observables. My problem is I've always had a bit of a hard time applying and finding documen

  • Where and how can I upgrade my Galaxy 5 legally to Froyo? 2011-04-16

    Possible Duplicate: When will my phone get the Android 2.2 update (FroYo)? I have a Galaxy 550 and want to upgrade it to android 2.2 where and how can i do this legal? thanks already. --------------Solutions------------- If the update is available in

  • Where and how are the extra columns available for list view in Finder defined? 2011-12-28

    In an answer to an earlier question I found out that the available columns for Finder's list view are relative to the folder path. This means that one could choose to add a Dimensions column when browsing under ~/Pictures or Artist under ~/Music or C

  • What is mapped color and how to use them in astro-photography? 2012-08-05

    On some astro-photography website, I come across some incredible images with caption that says "X in mapped color" such as: http://www.rc-astro.com/photo/id1066_big.html What is mapped color? Why and how to use them in astro-photography? Thanks

  • What is the significance of Visual Studio Package File and how to use it? 2013-01-18

    What is the significance of Visual Studio Package File and how to use it? See the image below. Can any one provide an explanation? --------------Solutions------------- You can use the Package Designer to create and customize a package (.wsp). For exa

  • Where and how are logon and startup scripts for graphics desktop managed? 2013-01-25

    Where and how are the Ubuntu equivalent of your personal Windows configuration stored? Something akin to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run as well as the Start Up menu. I have spotted the System | Preferences | Startup A

  • Where and how can i view skype logs (Chat and Voice history)? 2013-08-21

    Where and how can I view my skype logs (Chat and Voice history)? Does it get saved somewhere in PC by default? Can I choose a folder location myself to start saving voice and chat history? --------------Solutions------------- Skype profile data (incl

  • Where and how do I read logs for a specific app? 2013-10-23

    I know there are a lot of threads about android logs but I can't find an answer to this: Where and how do I read logs for a specific app? I have installed the Android SDK, connected my device and launched Eclipse and choose DDMS. Now, the Logcat is b

  • Identify where and how background process are started and where they comes from 2015-03-27

    First the short story: I need to migrate a server (applications, configurations and so on) and I have no clue about what is in there, no docs, people at charge just abandon and didn't leave any information so it's a kind of black box or black hole. M

  • where and how to manually apply patch? 2013-01-24

    Possible Duplicate: How do I apply a patch file? It is obvious latest colorbox plugin needs patching because even with drush install it is not working to load images and I've been at it all day, literally. So found this http://drupal.org/files/patch-

  • Where and how can I download Adobe CS 5.5 and buy its licence? 2013-02-05

    Where and how can I download Adobe CS 5.5 and its licence? I can't seem to find it anymore? They only option Adobe forces on me is CS 6. --------------Solutions------------- Your best bet would be to contact Adobe directly. If you already have a lice

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 3.098 (s). 13 q(s)