Re: Salt and Iteration for HMAC (http://www.w3.org/2000/09/xmldsig#hmac-sha1)

Or you can put this information into an Object element if you are just
going to specify the http://www.w3.org/2000/09/xmldsig#hmac-sha1
algorithm and omit KeyInfo. Or you could create a custom KeyInfo child
that has your iteration and salt info.

Donald

From:  "Steve Wang" <steve.wang@entegrity.com>
Date:  Tue, 5 Mar 2002 11:18:47 -0500 (EST)
Message-ID:  <00d501c1c461$77684b00$65030a0a@chromatix.com>
Reply-To:  "Steve Wang" <steve.wang@entegrity.com>
To:  <w3c-ietf-xmldsig@w3.org>
References:  <458987A6604BF94EA6BD4966F1AF2676A8706D@pwmail-wdfld.powerway.com> <200203041547.KAA20584@tux.w3.org>
Organization:  Entegrity Solutions

>Hi, all,
>
>We have an XML application case for password-based HMAC
>(http://www.w3.org/2000/09/xmldsig#hmac-sha1)
>We need to compute a secret key from a password, salt and iteration count
>first (for dictionary attack) and then feed this secret key to the
>HMAC defined in XML DSIG.
>
>The question is where we will store this salt and iteration count. It makes more
>sense for me to store them within the signature node but I did not find
>any proper place in XML DSIG Signature node. Does XML DSIG not
>support this? If so, we may have to store them within application entities.
>
>Thank you.
>
>Steve
>

Received on Wednesday, 6 March 2002 09:23:27 UTC
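
The custom KeyInfo child suggested in the reply, sketched as an added example that is not code from either poster or from the XML DSIG specification. The `urn:example:password-key-params` namespace, the `PasswordKeyParams`, `Salt` and `IterationCount` element names, the choice of PBKDF2-HMAC-SHA1 as the derivation function, and the 1000-iteration floor are all assumptions.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
PB = "urn:example:password-key-params"  # hypothetical namespace for the custom child
MIN_ITERATIONS = 1000                   # assumed verifier policy, not from the thread
# Constructed sample: stands in for the canonicalized SignedInfo octets.
SIGNED_INFO_C14N = (b'<SignedInfo xmlns="' + DS.encode() + b'"><SignatureMethod '
                    b'Algorithm="' + DS.encode() + b'hmac-sha1"></SignatureMethod></SignedInfo>')

def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA1; the thread does not name a derivation function.
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=20)

def build_key_info(salt: bytes, iterations: int) -> ET.Element:
    # <ds:KeyInfo><pb:PasswordKeyParams><pb:Salt/><pb:IterationCount/></...></ds:KeyInfo>
    key_info = ET.Element(f"{{{DS}}}KeyInfo")
    params = ET.SubElement(key_info, f"{{{PB}}}PasswordKeyParams")
    ET.SubElement(params, f"{{{PB}}}Salt").text = base64.b64encode(salt).decode()
    ET.SubElement(params, f"{{{PB}}}IterationCount").text = str(iterations)
    return key_info

def read_key_info(key_info: ET.Element):
    base = f"{{{PB}}}PasswordKeyParams/{{{PB}}}"
    salt_b64 = key_info.findtext(base + "Salt")
    count = key_info.findtext(base + "IterationCount")
    if salt_b64 is None or count is None:
        raise ValueError("KeyInfo lacks salt or iteration count")
    iterations = int(count)
    # KeyInfo sits outside SignedInfo, so the HMAC does not cover these values;
    # the verifier applies its own floor instead of trusting the document.
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below verifier minimum")
    return base64.b64decode(salt_b64, validate=True), iterations

def sign(password: bytes, signed_info: bytes, salt: bytes, iterations: int):
    key = derive_key(password, salt, iterations)
    mac = hmac.new(key, signed_info, hashlib.sha1).digest()
    return base64.b64encode(mac).decode(), build_key_info(salt, iterations)

def verify(password: bytes, signed_info: bytes, signature_value: str,
           key_info: ET.Element) -> bool:
    salt, iterations = read_key_info(key_info)
    key = derive_key(password, salt, iterations)
    expected = hmac.new(key, signed_info, hashlib.sha1).digest()
    # Constant-time comparison of the recomputed MAC with SignatureValue.
    return hmac.compare_digest(expected, base64.b64decode(signature_value))
```
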