
Well, if you have an internal collision hash(m1)=hash(m2) and both messages m1 and m2 are of the same size, then it seems that one would also get hash(m1|key|size) = hash(m2|key|size). So, I cannot really see how appending the size will help.

(All subject to optimistic assumptions about block sizes, etc.)



In this sense, every hash function is equally unsafe, even HMAC.


Please substantiate. An attacker knowing an internal collision of the hash algorithm for m1 and m2 (of the same size...) can construct HMAC(m2,key) from HMAC(m1,key) without knowing the key?
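An added example, not part of the original thread: a toy Merkle-Damgård hash showing that a block-aligned internal collision carries over to hash(m|key|size), while HMAC built on the same toy hash gives different tags. The 32-bit state, 8-byte blocks, truncated-SHA-256 compression function, padding layout and sample key are all assumptions chosen so that a collision is cheap to find.

```python
import hashlib

BLOCK, STATE = 8, 4            # toy sizes (assumed): 8-byte blocks, 32-bit chaining state
IV = b"\x00" * STATE

def compress(state, block):
    # Toy compression function: SHA-256 of state||block truncated to STATE bytes.
    return hashlib.sha256(state + block).digest()[:STATE]

def toy_hash(msg):
    # Merkle-Damgard with length padding: 0x80, zeros, 2-byte big-endian length.
    data = msg + b"\x80" + b"\x00" * ((-len(msg) - 3) % BLOCK) + len(msg).to_bytes(2, "big")
    state = IV
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def find_internal_collision():
    # Birthday search for two distinct one-block messages reaching the same state.
    seen = {}
    for i in range(1 << 40):
        m = i.to_bytes(BLOCK, "big")
        s = compress(IV, m)
        if s in seen:
            return seen[s], m
        seen[s] = m
    raise RuntimeError("no collision found")

def suffix_mac(msg, key):
    # The construction from the thread: hash(m | key | size).
    return toy_hash(msg + key + len(msg).to_bytes(2, "big"))

def toy_hmac(msg, key):
    # Standard HMAC structure over toy_hash; key is zero-padded to one block.
    k = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    return toy_hash(opad + toy_hash(ipad + msg))

KEY = b"k3y-demo"              # constructed sample key
M1, M2 = find_internal_collision()

if __name__ == "__main__":
    print("m1, m2:", M1.hex(), M2.hex())
    print("suffix MAC equal:", suffix_mac(M1, KEY) == suffix_mac(M2, KEY))
    print("HMAC equal:      ", toy_hmac(M1, KEY) == toy_hmac(M2, KEY))
```

In this toy, the collision was found from the public IV; HMAC processes the keyed ipad block first, so the message is compressed from a different chaining state and the collision no longer applies.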



