W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > May 2017

Re: [webrtc-pc] Issue 1: Key shortening

From: misi via GitHub <sysbot+gh@w3.org>
Date: Fri, 19 May 2017 13:45:32 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-302706859-1495201531-sysbot+gh@w3.org>
@taylor-b I am also not a crypto expert, but I see the same way as you. 
RFC2104 defines how to short a longer key for HMAC algs in general.
I think You find the missing puzzle piece RFC, and so the algorithm definition that we missed earlier.

I don't see the issue, you have mentioned here:
> So if anything, the issue with RFC7635 is that it seems to assume the SHA1 key must be 20 bytes, when it can be up to 64 bytes and there's a defined procedure for shortening it if it's too large.

AFAIU RFC7635 is correct and describes according RFC2104, 
HMAC-SHA-256-128 use 256bit key https://tools.ietf.org/html/rfc4868#section-2.6
20byte is correct as the output of SHA1(256bit key) that will be used as input for the final SHA1.

After clarification of this I don't see any issue here, and I think we could close this issue.

GitHub Notification of comment by misi
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1156#issuecomment-302706859 using your GitHub account
Received on Friday, 19 May 2017 13:45:39 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:41 UTC