Cryptography Reference
output, of course! The seed is HMAC'ed once to produce the HMAC input for
the first n bytes (where n is 16 or 20 depending on the algorithm), and then that
is HMAC'ed again to produce the input for the next n bytes.
All of this sounds almost self-referential, but it actually does work. Figure
6-8 shows the P_MD5 algorithm, illustrated out to three iterations (to produce 48
= 16 * 3 bytes of output).
Figure 6-8: P_MD5 (diagram: the seed “efghijkl” is chained through HMAC_MD5, keyed with the secret “ab”, to give A(1), A(2) and A(3); each A(i) is then combined with the seed in a further HMAC_MD5, again keyed with the secret, to produce the output)
So, given a secret of “ab” and a seed of “efghijkl”, A(1) is
HMAC_MD5(“ab”, “efghijkl”), or 0xefe3a7027ddbdb424cabd0935bfb3898. A(2), then, is
HMAC_MD5(“ab”, 0xefe3a7027ddbdb424cabd0935bfb3898), or
0xda55f448c81b93ce1231cb7668bee2a2. Because you need 40 bytes of output, and MD5 only
produces 16 per iteration, you need to iterate three times to produce 48 bytes
and throw away the last 8. This means that you need A(3) as well, which
is HMAC_MD5(“ab”, A(2) = 0xda55f448c81b93ce1231cb7668bee2a2), or
0xbfa8ec7eda156ec26478851358c7a1fa.
With all the As computed, you now have enough information to feed into the
“real” HMAC operations that generate the requisite 48 bytes of output. The final
48 bytes of output (remembering that you discard the last 8) are
HMAC( “ab”, A(1) . “efghijkl” ) .
HMAC( “ab”, A(2) . “efghijkl” ) .
HMAC( “ab”, A(3) . “efghijkl” )
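The expansion walked through above, as an added Python example (not code from the original text). The function names `a_chain` and `p_hash` are assumptions, and the `digest` parameter generalizes the walk-through to the 20-byte SHA-1 case the text mentions.

```python
import hmac


def a_chain(secret: bytes, seed: bytes, count: int, digest: str = "md5") -> list:
    """Return [A(1), ..., A(count)]: A(0) is the seed, A(i) = HMAC(secret, A(i-1))."""
    chain, a = [], seed
    for _ in range(count):
        a = hmac.new(secret, a, digest).digest()
        chain.append(a)
    return chain


def p_hash(secret: bytes, seed: bytes, out_len: int, digest: str = "md5") -> bytes:
    """Expand (secret, seed) to out_len bytes as in Figure 6-8.

    Output block i is HMAC(secret, A(i) . seed); the blocks are concatenated
    and any surplus bytes from the last block are discarded.
    """
    if out_len < 0:
        raise ValueError("out_len must be non-negative")
    n = hmac.new(secret, b"", digest).digest_size   # 16 for MD5, 20 for SHA-1
    iterations = -(-out_len // n)                   # ceiling division
    blocks = [
        hmac.new(secret, a + seed, digest).digest()
        for a in a_chain(secret, seed, iterations, digest)
    ]
    return b"".join(blocks)[:out_len]


if __name__ == "__main__":
    # Inputs from the walk-through: secret "ab", seed "efghijkl", 40 bytes wanted.
    secret, seed = b"ab", b"efghijkl"
    for i, a in enumerate(a_chain(secret, seed, 3), start=1):
        print(f"A({i}) = 0x{a.hex()}")
    print("output =", p_hash(secret, seed, 40).hex())
```

Run as a script, it prints A(1) through A(3) for comparison with the values quoted in the text, followed by the 40-byte result.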