HMAC DRBG is a deterministic random bit generator using HMAC specified in NIST SP 800-90. The document claims that HMAC DRBG is a pseudorandom bit generator if HMAC is a pseudorandom function. However, no proof is given in the document. This article provides a security analysis of HMAC DRBG and confirms the claim.

In this dissertation, we discuss the design of a reconfigurable, unified HMAC-hash unit for IPSec authentication. The proposed unit is reconfigurable at runtime to enable implementing any of six standard algorithms: MD5, SHA-1, RIPEMD-160, HMAC-MD5, HMAC-SHA-1, and HMAC-RIPEMD-160. The designed unit can be used for IPSec or any other security application that uses hash functions, such as digita...

Cryptographic algorithms are prevalent and important in digital communications and storage, e.g., both SHA-1 and MD5 algorithms are widely used hash functions in IF'Sec and SSL for checking the data integrity. In this paper, we propose a hardware architecture for the standard HMAC function that supports both. Our HMAC design automatically generates the padding words and reuses the key for conse...

HMAC is the most widely-deployed cryptographic-hash-function-based message authentication code. First, we describe a security issue that arises because of inconsistencies in the standards and the published literature regarding keylength. We prove a separation result between two versions of HMAC, which we denote HMAC and HMAC, the former being the real-world version standardized by Bellare et al...

HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMA...

HMAC is a widely used message authentication code and a pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMA...

In this paper, we present the first distinguishing attack on HMAC and NMAC based on MD5 without related keys, which distinguishes the HMAC/NMAC-MD5 from HMAC/NMAC with a random function. The attack needs 2 queries, with a success probability 0.87, while the previous distinguishing attack on HMAC-MD5 reduced to 33 rounds takes 2 messages with a success rate of 0.92. Furthermore, we give distingu...

Kim et al. [4] and Contini et al. [3] studied on the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. Especially, they considered the distinguishing attacks. However, they did not describe generic distinguishing attacks on NMAC and HMAC. In this paper, we describe the generic distinguishers to distinguish NMAC and HMAC with the birthday attack complexity and we prove the sec...

A design approach to create small-sized high-speed implementations of the Keyed-Hash Message Authentication Code (HMAC) is presented. The proposed implementation can either operate in HMAC-MD5 and/or in HMAC-SHA1 mode. The proposed implementations do not introduce significant area penalty. However the achieved throughput presents an increase compared to commercially available IP cores that rang...