HMAC2 including modulo?
Posted: Thu Jun 11, 2015 7:23 pm
Hi Paul
I noticed that my PHP implementation only seems to be compatible with the application when I dont include the file size modulo in the second HMAC. An attacker could modify the byte at address (file size - 33) and cause up to an extra 15 bytes of truncation without the integrity being compromised. Bad implementations which dont check the modulo byte is less than 16 could be affected worse if they blindly strip that amount of data from the end. From what I can see, all other important data is included in one of the HMACs except for that one byte which is a bit annoying.
Thanks
Phil
I noticed that my PHP implementation only seems to be compatible with the application when I dont include the file size modulo in the second HMAC. An attacker could modify the byte at address (file size - 33) and cause up to an extra 15 bytes of truncation without the integrity being compromised. Bad implementations which dont check the modulo byte is less than 16 could be affected worse if they blindly strip that amount of data from the end. From what I can see, all other important data is included in one of the HMACs except for that one byte which is a bit annoying.
Thanks
Phil