undefined | Better HN

0 pointsthreedaymonk13y ago0 comments

First, this may send the wrong message to the less-focused reader: "what, I should use block ciphers instead?". Luckily, HMAC is eventually brought up, which is a fine solution.

If the reader can't be bothered to read the article to the end, I hardly think it reflects on the author. Whilst it might indeed be a more concise article if it just said "don't use a hash function for message authentication, use HMAC", it would still miss the important final point about timing attacks, not to mention the journey of explanation about why you shouldn't just use a hash function.

0 comments

pbsd13y ago

You are correct, I shouldn't have tried to argue poor readership, that's just sloppy.

j / k navigate · click thread line to collapse

0 pointsthreedaymonk13y ago0 comments

First, this may send the wrong message to the less-focused reader: "what, I should use block ciphers instead?". Luckily, HMAC is eventually brought up, which is a fine solution.