Chapter 3 Cryptography 49
Cryptography Overview
Hash-Based Message Authentication Codes (HMAC)
A hash-based message authentication code (HMAC) combines a secret key with a
message digest to create a message authentication code. This method of creating a
MAC makes it possible to replace the underlying message digest if a new attack
makes the original message digest insecure. Crypto-C provides an HMAC
implementation based on SHA1.
Recall that SHA1 produces a 20-byte digest; in addition, we need to know that SHA1
takes input in 64-byte blocks.
Given a message M and a key k, the HMAC of M is computed as follows:
1. Create two different fixed strings that are used in the calculation:
   ipad = the byte 0x36 repeated 64 times
   opad = the byte 0x5C repeated 64 times
2. Extend k to 64 bytes in length by appending zeros to the end of k. For example, if k
   is 25 bytes, append 39 copies of the zero byte 0x00. We will call the extended key k.
3. Compute the following:
   SHA1((k XOR opad) || SHA1((k XOR ipad) || M))
   where || denotes concatenation.
The same key can be used for multiple authentications, but the key should be replaced
periodically. For security considerations, the key should be at least as long as the
message digest output. For SHA1, this means an HMAC key should be at least 20
bytes. If the key is "weakly random" (that is, if knowing some of the key bits might
help an attacker generate other key bits), then a longer key should be used.
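The computation above written out in Python, as an added example that is not part of the Crypto-C documentation or its API. The function and variable names and the sample key and message are assumptions; hashing a key longer than 64 bytes first follows RFC 2104 and goes beyond the steps given here.

```python
import hashlib
import hmac

BLOCK = 64   # SHA1 consumes input in 64-byte blocks
DIGEST = 20  # SHA1 produces a 20-byte digest


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hmac_sha1(key: bytes, message: bytes) -> bytes:
    # Not covered by the text above: RFC 2104 first hashes a key that is
    # longer than one block, so that step 2 always has room to pad.
    if len(key) > BLOCK:
        key = hashlib.sha1(key).digest()
    # Step 1: the two fixed strings.
    ipad = b"\x36" * BLOCK
    opad = b"\x5c" * BLOCK
    # Step 2: extend the key to 64 bytes with trailing zero bytes.
    k = key.ljust(BLOCK, b"\x00")
    # Step 3: SHA1((k XOR opad) || SHA1((k XOR ipad) || M)).
    inner = hashlib.sha1(xor(k, ipad) + message).digest()
    return hashlib.sha1(xor(k, opad) + inner).digest()


def key_long_enough(key: bytes) -> bool:
    # The guidance above: at least as long as the digest (20 bytes for SHA1).
    return len(key) >= DIGEST


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison, so the check does not reveal how many
    # leading bytes of a forged tag were correct.
    return hmac.compare_digest(hmac_sha1(key, message), tag)


# Constructed sample: a 25-byte key (step 2 appends 39 zero bytes to it).
KEY = bytes(range(1, 26))
MSG = b"amount=100;to=account-42"
TAG = hmac_sha1(KEY, MSG)

if __name__ == "__main__":
    print("tag:", TAG.hex())
    print("matches hmac module:", TAG == hmac.new(KEY, MSG, hashlib.sha1).digest())
    print("genuine message accepted:", verify(KEY, MSG, TAG))
    print("altered message accepted:", verify(KEY, MSG.replace(b"100", b"900"), TAG))
```
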
Password-Based Encryption
Password-based encryption (PBE) generates a symmetric key from a password, and
encrypts data using that generated key. Usually, though, a password will not have
enough effective random bits to qualify as a candidate for a key or even a random
seed to generate a key. For example, each character of an 8-byte alphanumeric
password that also allows case-sensitive letters has the equivalent of slightly less than
six bits of randomness. For eight-character passwords, this is far less than the required
key size of a block cipher such as DES.
Therefore, a good PBE implementation not only uses the password, but mixes in a
random number, known as a salt, to create the key (see Figure 3-8 on page 50).