How to turn an unkeyed hash into a keyed hash

Secure hash functions often do not take a key per se, but they can be used with a key. Adding a key to a hash is useful, for example, to prevent a rainbow table attack.

There are a couple obvious ways to incorporate a key K when hashing a message M. One is to prepend the key to M before hashing. The other is to append K to M before hashing. That is, we either stick K onto the front or the end of M, then apply the hash function.

Both of these approaches could be vulnerable to attack under certain circumstances for reasons that are more complicated than I’d like to go into. Instead, a better approach is prepend and append the key. This is called the envelope method or more descriptively the sandwich method because the message is sandwiched between two copies of the key.

For details, see Ken Yasuda’s paper “‘Sandwich’ Is Indeed Secure: How to Authenticate a Message with Just One Hashing”, Australasian Conference on Information Security and Privacy, ACISP 2007: Information Security and Privacy pp 355–369.

Related posts

One thought on “How to turn an unkeyed hash into a keyed hash

Comments are closed.