W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > May 2017

Re: [webrtc-pc] Issue 1: Key shortening

From: Taylor Brandstetter via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 May 2017 22:07:53 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-302555090-1495145272-sysbot+gh@w3.org>
FYI, I'm not sure this is really an issue. Copy of email I sent to @misi and @juberti:

> I don't think this is an issue after all... because RFC2104 already defines how HMAC keys are shortened:
> 
>> The authentication key K can be of any length up to B, the
>> block length of the hash function. Applications that use keys longer
>> than B bytes will first hash the key using H and then use the
>> resultant L byte string as the actual key to HMAC.
> 
> So if anything, the issue with RFC7635 is that it seems to assume the SHA1 key must be 20 bytes, when it can be up to 64 bytes and there's a defined procedure for shortening it if it's too large.
> 
> Or have I missed something? Is there a crypto expert in the working group we could check with?

-- 
GitHub Notification of comment by taylor-b
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1156#issuecomment-302555090 using your GitHub account
Received on Thursday, 18 May 2017 22:07:59 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:41 UTC