You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The examples for generateKey() and generateKeySync() generate 64-bit HMAC keys. That is inadequate for virtually any HMAC instance. As per common NIST recommendations, the minimum should be roughly 112 bits, or more commonly 128 bits. Due to the design of HMAC itself, it is not unreasonable to choose the underlying hash function's block size as the key length. For many popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens to be 64 bytes (bytes, not bits!). This is consistent with the HMAC implementation in .NET, for example, even though it provides virtually no benefit over a 256-bit key. PR-URL: #48052 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
0 commit comments