LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why do digital signatures require stronger hash functions than HMAC or session key generation?

Because signatures must remain valid for 15-20 years, while MACs and session keys only need to last for the duration of a single communication.

Required security lifetime: session key vs HMAC tag vs signature

* A signature must survive decades of future attacks; a MAC tag or session key is relevant for one message or connection. *

The key difference is time horizon:

Use Case Required Lifetime Hash Strength Needed
Digital signature 15-20 years Must resist future attacks — use strongest available
HMAC for integrity Duration of message processing Short-lived — adequate security now is sufficient
Session key derivation Duration of one connection Very short-lived — even key renegotiation during session

This is why:

  • Signatures must use SHA-2 or SHA-3 with at least 256 bits
  • HMAC can still use SHA-1 (per BSI) because collision resistance isn't the primary security property for MAC
  • Even MD5 is still used in some PRF constructions (like older TLS versions) because the exposure window is minutes, not decades

Tip: When choosing a hash function, always ask: "How long must this remain secure?" — that determines your minimum hash size.

From Quiz: KRYPTOG / One-Way and Hash Functions | Updated: Jul 14, 2026