- From: misi via GitHub <sysbot+gh@w3.org>
- Date: Fri, 19 May 2017 13:45:32 +0000
- To: public-webrtc-logs@w3.org
@taylor-b I am also not a crypto expert, but I see the same way as you. RFC2104 defines how to short a longer key for HMAC algs in general. I think You find the missing puzzle piece RFC, and so the algorithm definition that we missed earlier. I don't see the issue, you have mentioned here: > So if anything, the issue with RFC7635 is that it seems to assume the SHA1 key must be 20 bytes, when it can be up to 64 bytes and there's a defined procedure for shortening it if it's too large. AFAIU RFC7635 is correct and describes according RFC2104, HMAC-SHA-256-128 use 256bit key https://tools.ietf.org/html/rfc4868#section-2.6 20byte is correct as the output of SHA1(256bit key) that will be used as input for the final SHA1. After clarification of this I don't see any issue here, and I think we could close this issue. -- GitHub Notification of comment by misi Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1156#issuecomment-302706859 using your GitHub account
Received on Friday, 19 May 2017 13:45:39 UTC