So the question now arises, is HMAC using any of the broken hash functions vulnerable? I can't answer that myself yet since I haven't given it a good enough think, but I'll will point people at the original HMAC paper at: http://www.research.ibm.com/security/keyed-md5.html The paper itself is at: http://www.research.ibm.com/security/bck2.ps Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'