When using HMAC to sign a message, is it advisable to salt a key, a message, or both?

Question

When using HMAC to sign a message, is it advisable to salt a key, a message, or both?

Let's say I'm developing a library for signing / verifying messages using the SHA-256 HMAC. If the end user uses a weak public key and sends a lot of short messages, I assume that the key is at risk for the attacker.

My intuition says that I have to add a unique salt (for each message) to the key in order to make reverse development key more difficult.

How much would the key help me, and could I get anything while also stuffing messages?

+6

hash salt hmac digital-signature

Steve clay Sep 01 '11 at 16:01

source share

1 answer

Vanessa macdougal · Accepted Answer · 2011-09-01T16:19:08+0000

Usually people will pour a key. This increases security because it makes reversing with a key key more difficult, and since the same message does not always have the same MAC, therefore, an attacker cannot simply resend a message that was sent previously with the same MAC. I do not understand what sticks the message, and you will receive.

When using HMAC to sign a message, is it advisable to salt a key, a message, or both?

More articles: