On 08/01/2019 10:38, Lennart Poettering wrote:
Also, you want to use standard primitives, and a HMAC is one that is designed for purposes like this. For the reasons why a HMAC is constructed the way it is, read the wikipedia page.
Well it's constructed the way it is (as wikipedia explains) to stop you being able to add data to a message and have it generate the same MAC, which makes perfect sense when you are using it as a signature to check that the input hasn't been modified.

That's not what is happening here though - here the hash is just to disguise the input, not to verify that it hasn't changed, so the property that we are interested in is whether the algorithm can be reversed to recover plain text, not whether an alternate plain text can be found to give the same cipher text.

So HMAC probably isn't strictly necessary in this case but it's not going to do any harm either.

Tom

-- 
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
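Tom's point that the hash here serves to disguise the input rather than to authenticate it can be checked concretely. The following is an added example, not code from the thread or from any project discussed in it: it assumes a constructed candidate set of guessable inputs and a random 32-byte key, and shows that an unkeyed digest of a guessable value can be matched by recomputing it over the candidates, while the keyed (HMAC) form cannot be matched without the key.

```python
"""Added example: what actually disguises a guessable input is the key.

Assumptions (constructed, not from the thread): the value being disguised
is low-entropy and drawn from a small candidate set (short hostnames);
the key is a random 32-byte secret held only by the party doing the hashing.
"""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed stand-in for "values an observer could plausibly guess".
CANDIDATES = [f"host{i:03d}" for i in range(1000)]


def disguise_unkeyed(value: str) -> str:
    """Plain SHA-256: anyone can recompute it for any guessed input."""
    return hashlib.sha256(value.encode()).hexdigest()


def disguise_keyed(key: bytes, value: str) -> str:
    """HMAC-SHA256: recomputing it for a guessed input requires the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def match_against_candidates(digest: str, candidates: Iterable[str],
                             key: Optional[bytes] = None) -> Optional[str]:
    """Defender's check: does any plausible input map to this digest?

    With key=None this models an observer who only knows the algorithm.
    If the unkeyed form matches, the "disguise" is just a lookup table.
    Returns the matching candidate, or None if nothing matches.
    """
    for candidate in candidates:
        if key is None:
            computed = disguise_unkeyed(candidate)
        else:
            computed = disguise_keyed(key, candidate)
        # Constant-time comparison, as one would use for any digest check.
        if hmac.compare_digest(computed, digest):
            return candidate
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("unkeyed, observer:", match_against_candidates(
        disguise_unkeyed("host042"), CANDIDATES))            # host042
    print("keyed, observer:  ", match_against_candidates(
        disguise_keyed(key, "host042"), CANDIDATES))         # None
    print("keyed, key holder:", match_against_candidates(
        disguise_keyed(key, "host042"), CANDIDATES, key))    # host042
```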