Can anyone point out what the advantage of using HMAC is? For example, if I have a text T and a key K, I can use either the HMAC-MD5 algorithm or md5(T + K) to get a signature.
HMAC is not susceptible to length extension attacks.
md5(T + K) should be fine for most uses unless your adversary is motivated to tamper with your message and has very good computing power. As long as you control T, birthday attacks are not applicable and you only have brute-force attacks. But it is good to be aware of the limitations. If you want to go with this approach you may want to use SHA1(T + K) instead of MD5.
md5(T+K) is certainly better than md5(K+T) where an attacker may append text to your message and generate another valid MAC.
With md5(T+K), the issue is that if an attacker can find a collision with T2 such that md5(T) = md5(T2), then md5(T+K) = md5(T2+K). But this requires a brute-force attack.
Note: I say "as long as you control T", because if changes can be made to T (in such a way that it is not obvious) one can try to generate 2 messages T1 and T2 where T1 can pass for T and md5(T1) = md5(T2). Now this is relatively a lot easier to do (we are talking 2^64 instead of 2^128) and the reason is the so-called Birthday paradox or Birthday attack.
Note: The design of HMAC was motivated to avoid these kinds of extension attacks. There are no known attacks against HMAC.
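To make the difference between the two constructions concrete, here is an added example (not part of either answer above) that builds HMAC-MD5 from its RFC 2104 definition, HMAC(K, T) = H((K' xor opad) || H((K' xor ipad) || T)), checks it against Python's `hmac` module, and puts it beside the plain `md5(T + K)` from the question. The function names, the sample key and the message are my own choices; the `verify` helper uses a constant-time comparison because a MAC check that short-circuits on the first differing byte leaks timing information.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 (and SHA-1) consume 64-byte input blocks; HMAC pads the key to this size
IPAD = 0x36
OPAD = 0x5C


def hmac_md5_manual(key: bytes, message: bytes) -> str:
    """HMAC-MD5 written out step by step, following RFC 2104.

    The tag is an *outer* hash over an *inner* hash, and the key enters both.
    An attacker who sees the tag never sees the raw MD5 state of any data they
    control, which is why the length-extension trick that works on md5(K + T)
    does not apply here.
    """
    # Keys longer than one block are first hashed down to a digest.
    if len(key) > BLOCK_SIZE:
        key = hashlib.md5(key).digest()
    # Shorter keys are zero-padded up to the block size.
    key = key.ljust(BLOCK_SIZE, b"\x00")

    inner_key = bytes(b ^ IPAD for b in key)
    outer_key = bytes(b ^ OPAD for b in key)

    inner_digest = hashlib.md5(inner_key + message).digest()
    return hashlib.md5(outer_key + inner_digest).hexdigest()


def hmac_md5_stdlib(key: bytes, message: bytes) -> str:
    """The same thing via the standard library, for comparison."""
    return hmac.new(key, message, hashlib.md5).hexdigest()


def naive_mac(key: bytes, message: bytes) -> str:
    """The md5(T + K) construction from the question: one hash, key appended."""
    return hashlib.md5(message + key).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the HMAC and compare in constant time.

    A plain `==` on hex strings stops at the first mismatching character and
    can leak, byte by byte, how close a forged tag is to the real one.
    """
    expected = hmac.new(key, message, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed sample values; the key would normally be a random secret.
    key = b"key"
    text = b"The quick brown fox jumps over the lazy dog"

    tag = hmac_md5_manual(key, text)
    print("HMAC-MD5 (manual) :", tag)
    print("HMAC-MD5 (stdlib) :", hmac_md5_stdlib(key, text))
    print("md5(T + K)        :", naive_mac(key, text))
    print("verify original   :", verify(key, text, tag))
    print("verify tampered   :", verify(key, text + b"!", tag))
```

Running it shows the hand-built HMAC and the library HMAC agree, and that even a one-byte change to T makes `verify` fail. Note that HMAC-MD5 is shown here only because it is what the question asks about; for new designs pick HMAC over SHA-256, since the construction is the same and the underlying hash is not broken.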