I was reading about HMAC and why it is crucial to avoid security issues with normal prepending / appending the secret k to a message (issues due to merkel damagard construction). I am not familiar with the math and the detailed proof presented in the paper, but i was wondering why both ipad and opad are required. what if we use only one ? how will an attacker exploit that ?
Asked
Active
Viewed 108 times
