Perry E. Metzger perry at
Mon Aug 16 19:29:24 PDT 2004

So the question now arises, is HMAC using any of the broken hash
functions vulnerable?

I can't answer that myself yet since I haven't given it a good enough
think, but I'll will point people at the original HMAC paper at:

The paper itself is at:


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

--- end forwarded text

R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list