Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing-key length is not too small? #8

Open
gleb-chipiga opened this issue Mar 7, 2015 · 3 comments
Open

Signing-key length is not too small? #8

gleb-chipiga opened this issue Mar 7, 2015 · 3 comments

Comments

@gleb-chipiga
Copy link

Accordingly https://tools.ietf.org/html/rfc2104#section-3
the key for HMAC can be of any length (keys longer than B bytes are first hashed using H). However, less than L bytes is strongly discouraged as it would decrease the security strength of the function.

For SHA-256 L = 256, but spec describes signing-key with 128-bit length.
@philwhln
Copy link

This seems pretty important to the validity of this spec

@wkral wkral mentioned this issue Mar 29, 2016
Closed
@philwhln
Copy link

@kr @tmaher Is this project still being maintained?

This was referenced May 5, 2016
Closed
Merged
@Darkheir
Copy link

Is there any plans on changing this ?
This is for me quite a big issue...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@philwhln @gleb-chipiga @Darkheir