Using one key for Encryption and HMAC
I am wondering whether I can use a shared secret key established between two clients as the HMAC key too.
I saw that there is a problem when it is used as a CBC-MAC but I haven't found any evidence it is bad practice for HMACs.
Thanks, Vladimir
I believe it is currently in the category of "seems probably OK, but why take the risk?".
Best practice is to have each side generate two new keys from the shared secret key:
encryption-key := HMAC(shared-key, "Encryption Nonce")
hmac-key := HMAC(shared-key, "Authenticity Nonce")
As caf alluded to, one of the correct ways to do this is to hash the shared-secret-key with some extra data.
For example:
enc-key = HASH(shared-key || 1)
hmac-key = HASH(shared-key || 2)
This has the benefit of not needing to transfer 2 extra nonces as well as being easy to implement.
I would NOT use the same key in different functions (enc + hmac). That is asking for trouble and a bad idea.
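Both derivations suggested in the answers above, written out as an added example (not code from either poster). It assumes SHA-256 as the hash, a single-byte encoding of the counters 1 and 2, and a 16-byte minimum for the shared key; the function names are hypothetical.

```python
import hashlib
import hmac

# Labels from the first answer: fixed public strings, never transmitted.
ENC_LABEL = b"Encryption Nonce"
MAC_LABEL = b"Authenticity Nonce"
MIN_SHARED_KEY_LEN = 16  # assumption: refuse obviously weak input


def _check(shared_key: bytes) -> None:
    if len(shared_key) < MIN_SHARED_KEY_LEN:
        raise ValueError("shared key too short to derive sub-keys from")


def derive_keys_hmac(shared_key: bytes):
    """First answer: sub-key = HMAC(shared-key, label). Returns (enc_key, hmac_key)."""
    _check(shared_key)
    enc_key = hmac.new(shared_key, ENC_LABEL, hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, MAC_LABEL, hashlib.sha256).digest()
    return enc_key, mac_key


def derive_keys_hash(shared_key: bytes):
    """Second answer: sub-key = HASH(shared-key || counter), counter as one byte."""
    _check(shared_key)
    enc_key = hashlib.sha256(shared_key + b"\x01").digest()
    mac_key = hashlib.sha256(shared_key + b"\x02").digest()
    return enc_key, mac_key


def tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Authenticate the ciphertext with the derived HMAC key only."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify(mac_key: bytes, ciphertext: bytes, received_tag: bytes) -> bool:
    """Constant-time comparison so the check does not leak tag bytes via timing."""
    return hmac.compare_digest(tag(mac_key, ciphertext), received_tag)


if __name__ == "__main__":
    shared = bytes(range(32))          # constructed sample shared secret
    enc_key, mac_key = derive_keys_hmac(shared)   # each client runs this locally
    ct = b"constructed ciphertext"     # stands in for the output of the cipher
    t = tag(mac_key, ct)
    print("keys differ:", enc_key != mac_key)
    print("tag verifies:", verify(mac_key, ct, t))
    print("tampered rejected:", not verify(mac_key, ct + b"!", t))
```

Each client derives the same pair from the shared secret on its own, so nothing beyond the original key exchange has to be sent.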