What is the benefit of using HMAC over hash with key suffix? I realize that using key prefix is a bad idea because it allows message extension attacks. When adding key as a suffix such attack possibility is eliminated.
MAC = h(k||x) // key prefixing, bad idea
MAC = h(x||k) // key suffixing, much better idea
HMAC uses double hashing presumably to prevent extension attacks. Why is it better than just simple key suffixing?
HMAC scheme:
