# Tiny Bytes: Interesting HMAC Issue

**Published by:** [ldnovak](https://paragraph.com/@ldnovak/)
**Published on:** 2022-08-12
**URL:** https://paragraph.com/@ldnovak/tiny-bytes-interesting-hmac-issue

## Content

Hi,

One bit I wanted to follow up on is an interesting HMAC issue. If the key used for HMAC is longer than the block size of the underlying hash function, then H(key) is used in its place (RFC 2104, section 2). This technically creates a collision: two distinct keys, k and H(k), produce the same MAC for every message. So anyone who holds H(k) can generate valid MACs for k without ever learning k itself.

From my understanding, this reduces the security of HMAC with keys longer than the block size, but in many scenarios not meaningfully so. With SHA-256 (64-byte block, 32-byte output), a key of up to 64 bytes is used as given, zero-padded to the block, so its full length counts. Anything longer is replaced by its 32-byte hash, so the effective key material drops to 32 bytes no matter how long the original key was. 32 bytes (256 bits) is still plenty, and it matches the output size of HMAC-SHA256 anyway. If larger effective keys were ever needed for security, the hash function itself (its block and output sizes) would have to change, not HMAC.

There is a real practical issue here, though: if long keys are ever stored or logged as plain hashes, that is equivalent to storing the keys themselves in plain text, because H(k) is a fully working HMAC key for k. According to the erratum cited below, this behaviour has been kept because of backwards compatibility concerns. It also means the long-key path inherits any weakness of the underlying hash function: if H is broken, HMAC used with a key that gets hashed down is broken with it.

A good write-up of this: https://pthree.org/2016/07/29/breaking-hmac/

Cite: https://www.rfc-editor.org/errata/eid4809

Got to dig into a mystery.

Night,
Lucas

## Publication Information

- [ldnovak](https://paragraph.com/@ldnovak/): Publication homepage
- [All Posts](https://paragraph.com/@ldnovak/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@ldnovak): Subscribe to updates
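The following is an added example, not code from the post's author, that demonstrates the long-key behaviour described in the post above with Python's standard `hmac` and `hashlib` modules (which implement RFC 2104 key handling). The keys and message are constructed test values. It checks that a key longer than the SHA-256 block size collides with its own hash, that a key within the block size does not, and that a leaked H(k) is enough to forge MACs for k. The helper names (`effective_key_bytes`, `colliding_key`, `forge_with_leaked_hash`, `demo`) are my own and not from any library or standard.

```python
"""Added example: the RFC 2104 long-key collision in HMAC-SHA256."""
import hashlib
import hmac
from typing import Optional

BLOCK_SIZE = hashlib.sha256().block_size    # 64 bytes for SHA-256
DIGEST_SIZE = hashlib.sha256().digest_size  # 32 bytes for SHA-256

# Constructed test inputs (not real secrets): one key longer than the block
# size, one within it, and a message to authenticate.
LONG_KEY = bytes(range(80))        # 80 bytes > 64-byte block: gets hashed
SHORT_KEY = bytes(range(48))       # 48 bytes <= 64-byte block: used as-is
MSG = b"amount=100&to=alice"


def effective_key_bytes(key: bytes) -> int:
    """Bytes of key material HMAC actually consumes (RFC 2104, section 2).

    Keys up to the block size are used as given (zero-padded to the block).
    Longer keys are replaced by H(key), which has only DIGEST_SIZE bytes.
    """
    return len(key) if len(key) <= BLOCK_SIZE else DIGEST_SIZE


def colliding_key(key: bytes) -> Optional[bytes]:
    """Return the short key that HMAC-SHA256 treats identically to `key`.

    Only exists for keys longer than the block size; for those, H(key) is
    what HMAC actually mixes into the inner and outer pads.
    """
    if len(key) <= BLOCK_SIZE:
        return None
    return hashlib.sha256(key).digest()


def mac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 tag for msg under key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def keys_collide(k1: bytes, k2: bytes, msg: bytes) -> bool:
    """True if two keys yield the same tag for msg (constant-time compare)."""
    return hmac.compare_digest(mac(k1, msg), mac(k2, msg))


def forge_with_leaked_hash(leaked_hash: bytes, msg: bytes) -> bytes:
    """An attacker who learns H(k) for a long k can MAC arbitrary messages.

    No knowledge of k is needed: H(k) is itself a valid HMAC key for k.
    """
    return mac(leaked_hash, msg)


def demo() -> dict:
    """Run the three checks and return the results as booleans."""
    long_hash = hashlib.sha256(LONG_KEY).digest()
    short_hash = hashlib.sha256(SHORT_KEY).digest()
    return {
        # k and H(k) are interchangeable once len(k) > block size.
        "long_key_collides_with_its_hash": keys_collide(LONG_KEY, long_hash, MSG),
        # Within the block size the key is used directly, so no collision.
        "short_key_collides_with_its_hash": keys_collide(SHORT_KEY, short_hash, MSG),
        # Forgery from a leaked hash verifies under the real key.
        "forgery_verifies": hmac.compare_digest(
            forge_with_leaked_hash(long_hash, MSG), mac(LONG_KEY, MSG)
        ),
        "effective_bytes_long_key": effective_key_bytes(LONG_KEY),
        "effective_bytes_short_key": effective_key_bytes(SHORT_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical takeaway matches the post: `effective_key_bytes` shows an 80-byte key buys no more than the 32-byte digest, and `forge_with_leaked_hash` shows why a stored or logged SHA-256 of a long HMAC key must be treated as the key itself.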