W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2002

Re: Salt and Iteration for HMAC (http://www.w3.org/2000/09/xmldsig#hmac-sha1)

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Tue, 05 Mar 2002 20:20:59 +0100
To: Steve Wang <steve.wang@entegrity.com>, w3c-ietf-xmldsig@w3.org
Message-ID: <1747377385.1015359659@pinkpanther>

--On Dienstag, 5. März 2002 11:18 -0500 Steve Wang <steve.wang@entegrity.com> wrote:

> We have an XML application case for password-based HMAC
> (http://www.w3.org/2000/09/xmldsig#hmac-sha1)
> We need to compute a secret key from a password, salt and iteration count
> first (for dictionary attack) and then feed this secret key to the
> HMAC defined in XML DSIG.
> The question is where we will store this salt and iteration count. It
> makes more
> sense for me to store them within the signature node but I did not find
> any proper place in XML DSIG Signature node. Does XML DSIG not
> support this? If so, we may have to store them within application
> entities.

Hi Steve,

what about



Received on Tuesday, 5 March 2002 14:16:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:37 UTC