[Bug 26950] New: Default HMAC keys should be output length, not block length

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26950

            Bug ID: 26950
           Summary: Default HMAC keys should be output length, not block
                    length
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: rlb@ipv.sx
                CC: public-webcrypto@w3.org

Currently the HMAC Operations section for generateKey requires the default key
length to be equal to the block size of the underlying hash algorithm.
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#hmac-operations

RFC 2104, which defines HMAC, says that there's no point to having keys longer
than the *output* length of the hash (L):
"""
   Keys longer than L bytes are acceptable but the extra
   length would not significantly increase the function strength.
"""
http://tools.ietf.org/html/rfc2104#section-3

The block length is typically much larger than the output length.  In the case
of SHA-256, for example, the block length is 512 bits.  In order to avoid
wasting bytes, the default key length for WebCrypto should be the output length
of the hash.


Received on Thursday, 2 October 2014 04:14:17 UTC
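
The two lengths the report contrasts, as an added example that is not part of the original bug report or of the WebCrypto specification: it reads block length (B) and output length (L) from Python's hashlib and writes out the RFC 2104 construction so the key handling is visible. `generate_key` is a hypothetical stand-in for generateKey that defaults to L, as the report proposes; the message and keys are constructed sample values.

```python
import hashlib
import hmac
import os

def lengths_bits(hash_name):
    """Return (block length B, output length L) of a hash, in bits."""
    h = hashlib.new(hash_name)
    return h.block_size * 8, h.digest_size * 8

def hmac_rfc2104(hash_name, key, msg):
    """HMAC per RFC 2104 section 2, written out to expose the key handling."""
    H = lambda data: hashlib.new(hash_name, data).digest()
    B = hashlib.new(hash_name).block_size      # block length in bytes
    if len(key) > B:                           # over-long keys are hashed down to L bytes
        key = H(key)
    key = key.ljust(B, b"\x00")                # every key is zero-padded up to B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return H(opad + H(ipad + msg))

def generate_key(hash_name, length_bits=None):
    """Hypothetical stand-in for generateKey: default is L, as the report proposes."""
    if length_bits is None:
        length_bits = lengths_bits(hash_name)[1]
    return os.urandom(length_bits // 8)

def check_against_stdlib(hash_name, msg=b"constructed sample message"):
    """Compare the written-out HMAC with hmac.new for L-, B- and >B-byte keys."""
    B, L = (n // 8 for n in lengths_bits(hash_name))
    return all(
        hmac.compare_digest(hmac_rfc2104(hash_name, k, msg),
                            hmac.new(k, msg, hash_name).digest())
        for k in (os.urandom(L), os.urandom(B), os.urandom(B + 17))
    )

if __name__ == "__main__":
    for name in ("sha1", "sha256", "sha384", "sha512"):
        B, L = lengths_bits(name)
        print(f"{name}: block-length default {B} bits, output-length default {L} bits, "
              f"matches stdlib: {check_against_stdlib(name)}")
```

Keys of either default length are accepted unchanged by the construction; only a key longer than B is replaced by its L-byte hash before use.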