Re: [webrtc-pc] Issue 1: Key shortening

FYI, I'm not sure this is really an issue. Copy of email I sent to @misi and @juberti:

> I don't think this is an issue after all... because RFC2104 already defines how HMAC keys are shortened:
>> The authentication key K can be of any length up to B, the
>> block length of the hash function. Applications that use keys longer
>> than B bytes will first hash the key using H and then use the
>> resultant L byte string as the actual key to HMAC.
> So if anything, the issue with RFC7635 is that it seems to assume the SHA1 key must be 20 bytes, when it can be up to 64 bytes and there's a defined procedure for shortening it if it's too large.
> Or have I missed something? Is there a crypto expert in the working group we could check with?

GitHub Notification of comment by taylor-b
Please view or discuss this issue at using your GitHub account

Received on Thursday, 18 May 2017 22:07:59 UTC