RE: Bug 24806 - Should the spec mandate a minimum key length for HMAC? from Jim Schaad on 2014-02-28 (public-webcrypto@w3.org from February 2014)

From: Jim Schaad <ietf@augustcellars.com>
Date: Fri, 28 Feb 2014 09:12:19 -0800
To: "'Mark Watson'" <watsonm@netflix.com>
Cc: <public-webcrypto@w3.org>
Message-ID: <07f001cf34a8$3d9b6d20$b8d24760$@augustcellars.com>

I don't think that I care one way or the other.  As an arbitrary lower bound
I suppose it is fine.  I would also be just as happy with key length being a
minimum of 1/2 of the hash output length.

 

Jim

 

 

From: Mark Watson [mailto:watsonm@netflix.com] 
Sent: Friday, February 28, 2014 8:29 AM
To: public-webcrypto@w3.org
Subject: Bug 24806 - Should the spec mandate a minimum key length for HMAC?

 

https://www.w3.org/Bugs/Public/show_bug.cgi?id=24806

 

My proposal is to dis-allow zero length keys for HMAC. Comments ?

 

...Mark

Received on Friday, 28 February 2014 17:14:26 UTC