[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU Crypto] Small problem with HMac
|
From: |
Casey Marshall |
|
Subject: |
Re: [GNU Crypto] Small problem with HMac |
|
Date: |
Fri, 10 Jan 2003 03:07:28 -0800 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021130 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Raif S. Naffah wrote:
| hello Casey,
|
| On Friday 10 January 2003 18:29, Casey Marshall wrote:
|
|>Raif S. Naffah wrote:
|>| On Thursday 09 January 2003 23:22, Casey Marshall wrote:
|>|>...
|>Going through the test case attached, I also noticed that HMac also
|>doesn't handle keys larger than the block size properly...
|
| this is because section 3 in rfc-2104 reads:
|
| "
| 3. Keys
|
| The key for HMAC can be of any length (keys longer than B bytes are
| first hashed using H).
That is the part I was referring to.
| ..."
|
| i'd rather err on the side of caution. dont you agree?
|
Yes. Short keys should be bogus.
Cheers,
- --
Casey Marshall || address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+HqlvgAuWMgRGsWsRAh38AJ9HWWKXCJZHQ0YaN62DKHmc6JI5QQCfQ1F6
SAU0L9BGC1b/d8jPjq8+BBk=
=VliX
-----END PGP SIGNATURE-----