Re: Salt and Iteration for HMAC (http://www.w3.org/2000/09/xmldsig#hmac-sha1)

--On Tuesday, 5 March 2002 11:18 -0500 Steve Wang <steve.wang@entegrity.com> wrote:

> We have an XML application case for password-based HMAC
> (http://www.w3.org/2000/09/xmldsig#hmac-sha1)
> We need to compute a secret key from a password, salt and iteration count
> first (for dictionary attack) and then feed this secret key to the
> HMAC defined in XML DSIG.
>
> The question is where we will store this salt and iteration count. It makes
> more sense for me to store them within the signature node but I did not find
> any proper place in XML DSIG Signature node. Does XML DSIG not
> support this? If so, we may have to store them within application
> entities.

Hi Steve,

what about

<ds:SignatureMethod
   Algorithm="http://www.entegrity.com/#password-hmac-sha1"
   xmlns:entegrity="http://www.entegrity.com/#">

  <entegrity:salt>sdhfkhsdjfhakh</entegrity:salt>
  <entegrity:iterationCount>123</entegrity:iterationCount>
</ds:SignatureMethod>

Regards,
Christian

Received on Tuesday, 5 March 2002 14:16:54 UTC
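
Added example, not part of the original thread or of any product's code: one way a verifier could read the salt and iteration count from the SignatureMethod element suggested above, derive the HMAC key, and check the signature value. Assumptions: the key derivation is PBKDF2-HMAC-SHA1 (the thread names no KDF), the salt is carried as base64 text, the iteration bounds are a local policy, and the canonicalized SignedInfo bytes are produced elsewhere and passed in.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENT = "http://www.entegrity.com/#"            # namespace used in the reply above
ALG = "http://www.entegrity.com/#password-hmac-sha1"
MIN_ITER, MAX_ITER = 10_000, 1_000_000        # assumed local policy bounds

# Constructed sample element; salt value and count are made up for this example.
SIGNATURE_METHOD = """<ds:SignatureMethod xmlns:ds="{ds}" xmlns:entegrity="{ent}"
    Algorithm="{alg}">
  <entegrity:salt>c2FtcGxlLXNhbHQtMDE=</entegrity:salt>
  <entegrity:iterationCount>10000</entegrity:iterationCount>
</ds:SignatureMethod>""".format(ds=DS, ent=ENT, alg=ALG)

def read_params(xml_text):
    """Return (salt_bytes, iterations); raise ValueError on anything unexpected."""
    el = ET.fromstring(xml_text)
    if el.tag != "{%s}SignatureMethod" % DS or el.get("Algorithm") != ALG:
        raise ValueError("unexpected SignatureMethod")
    salt_text = el.findtext("{%s}salt" % ENT)
    iter_text = el.findtext("{%s}iterationCount" % ENT)
    if salt_text is None or iter_text is None:
        raise ValueError("missing salt or iterationCount")
    salt = base64.b64decode(salt_text.strip(), validate=True)
    iterations = int(iter_text.strip())
    if len(salt) < 8 or not MIN_ITER <= iterations <= MAX_ITER:
        raise ValueError("salt or iteration count outside policy")
    return salt, iterations

def derive_key(password, salt, iterations):
    # PBKDF2-HMAC-SHA1 is an assumption here, not something the thread specifies.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, dklen=20)

def sign(password, xml_text, signed_info_c14n):
    # The parameters come from the document, so they are bounds-checked before use.
    salt, iterations = read_params(xml_text)
    key = derive_key(password, salt, iterations)
    return hmac.new(key, signed_info_c14n, hashlib.sha1).digest()

def verify(password, xml_text, signed_info_c14n, signature_value):
    return hmac.compare_digest(sign(password, xml_text, signed_info_c14n), signature_value)
```

The bounds check matters because the iteration count arrives with the message: a value as low as the 123 in the reply's sketch weakens dictionary-attack resistance, and an unbounded one lets a sender make verification arbitrarily expensive.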