0

Let's say we have a group of id/signature pairs like:

https://picasaweb.google.com/${ID1}?authkey=${SIGNATURE1}
https://picasaweb.google.com/${ID2}?authkey=${SIGNATURE2}
https://picasaweb.google.com/${ID3}?authkey=${SIGNATURE3}
https://picasaweb.google.com/${ID4}?authkey=${SIGNATURE4}
....

It is one way picasa shares the links, so they are all persistent.

If we can collect thousands or millions of those id/signature pairs, does it make the private key vulnerable? That we can generate signature for any new ID?

( Assuming the encryption method is sha1 or sha256. What if there is a salt or not?)

( picasa is just an example, please don't target at picasa. It is a general question as we saw many sites are using this method. )

( Let's say the signature is generated by this method: HMAC SHA1 Signature in Java )

4

1 回答 1

0

所以问题真正归结为一个签名的哈希是否真的“泄露”了关于用于签名哈希的密钥的任何信息。假设一个强密钥和一个好的散列函数,即使明文是已知的,HMAC 也不应该泄露任何关于密钥的信息。

这是一个关于密码学 stackexchange 的类似问题的链接,有一个很好的答案:

https://crypto.stackexchange.com/questions/2538/is-my-hmac-secure-if-i-have-a-complete-series-of-hmacd-prefix-strings

于 2012-12-26T19:13:05.160 回答