Re: Bug 24806 - Should the spec mandate a minimum key length for HMAC?

On Fri, Feb 28, 2014 at 9:24 AM, Ryan Sleevi <sleevi@google.com> wrote:

> That length is unnecessarily restrictive for SHA2+, which is why NIST no
> longer recommends that as the calculus.
>
> Zero length keys are well defined. Are you suggesting prohibiting them
> from import as well as generate?
>
Eric's suggestion was that import / generate should be consistent: either
both supporting zero-length or neither supporting zero-length.

Since the library doesn't support generation of zero-length keys, I
understood that to support zero-length for generate would require
additional work to catch that case and implement it outside the library.
Since that case is not exactly useful (even if it is well-defined), I
suggested we go for the option that doesn't require that additional work.

...Mark

> On Feb 28, 2014 9:14 AM, "Jim Schaad" <ietf@augustcellars.com> wrote:
>
>> I don't think that I care one way or the other. As an arbitrary lower
>> bound I suppose it is fine. I would also be just as happy with key length
>> being a minimum of 1/2 of the hash output length.
>>
>> Jim
>>
>> *From:* Mark Watson [mailto:watsonm@netflix.com]
>> *Sent:* Friday, February 28, 2014 8:29 AM
>> *To:* public-webcrypto@w3.org
>> *Subject:* Bug 24806 - Should the spec mandate a minimum key length for
>> HMAC?
>>
>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24806
>>
>> My proposal is to disallow zero-length keys for HMAC. Comments?
>>
>> ...Mark
>>
>

Received on Friday, 28 February 2014 17:44:13 UTC
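
The two points in this thread, as an added Python example that is not part of the original messages or of any Web Crypto implementation: a zero-length HMAC key is well defined (it is zero-padded to the hash block size), and a single length check shared by import and generate keeps the two operations consistent. The function names and the policy labels "nonzero" and "half_digest" are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def min_key_bytes(hash_name, policy):
    """Lower bound in bytes under the two options raised in the thread."""
    if policy == "nonzero":        # disallow only zero-length keys
        return 1
    if policy == "half_digest":    # at least 1/2 of the hash output length
        return hashlib.new(hash_name).digest_size // 2
    raise ValueError("unknown policy: " + policy)

def check_length(n_bytes, hash_name, policy):
    # One check used by both entry points, so they cannot disagree.
    floor = min_key_bytes(hash_name, policy)
    if n_bytes < floor:
        raise ValueError(f"HMAC key of {n_bytes} bytes is below the {floor}-byte minimum")

def import_key(raw, hash_name="sha256", policy="nonzero"):
    check_length(len(raw), hash_name, policy)
    return bytes(raw)

def generate_key(n_bytes, hash_name="sha256", policy="nonzero"):
    check_length(n_bytes, hash_name, policy)
    return secrets.token_bytes(n_bytes)

def zero_key_equals_zero_block(hash_name="sha256", msg=b"constructed sample message"):
    """HMAC zero-pads short keys to the block size, so the empty key yields
    the same tag as a full block of zero bytes: defined, but not secret."""
    block = hashlib.new(hash_name).block_size
    empty = hmac.new(b"", msg, hash_name).digest()
    zeros = hmac.new(b"\x00" * block, msg, hash_name).digest()
    return hmac.compare_digest(empty, zeros)

def accepts(op, arg, **kwargs):
    """True if the operation accepts the argument under the given policy."""
    try:
        op(arg, **kwargs)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print("empty key == zero block:", zero_key_equals_zero_block())
    for policy in ("nonzero", "half_digest"):
        for n in (0, 1, 15, 16, 32):   # constructed sample key lengths
            imp = accepts(import_key, b"k" * n, policy=policy)
            gen = accepts(generate_key, n, policy=policy)
            print(f"{policy:11} len={n:2} import={imp} generate={gen}")
```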