Difference between HMAC-SHA1(key, msg) vs SHA1(key + msg)

Question

Is there any practical difference from using HMAC-SHA1(key, msg) vs SHA1(key + msg) as a way to verify the authenticity/integrity of a certain message? Note that the plus sign means string concatenation in this context

Am I losing out on some esoteric detail that the HMAC-SHA1 offers in terms of mathematical immunity to cryptanalysis? Or do both approaches basically do the same thing?

Ive looked through the basic descriptions of both algorithms. And although HMAC-SHA1 seems to do some fancy things with padding and other stuff, I fail to understand any importance. To me both HMAC-SHA1(key, msg) & SHA1(key + msg) carry essentially the same strength/resistance against attacks aside from superficial details

How am I wrong, What am I missing?

score 1 · Accepted Answer · answered Feb 22 '16 at 07:00

1

Right off the bat, SHA1(key + msg) is vulnerable to length extension attacks. That is, if I know SHA1(key + msg) I can use that to compute SHA1(key + msg + anything I'd like to add here) without having to know the key.

answered Feb 22 '16 at 07:00

Gordon Davisson

648
1
4
11

Difference between HMAC-SHA1(key, msg) vs SHA1(key + msg)

1 Answers1

Linked