#1
HMAC valid key lengths
Hi,
I am looking to approve keys for use with an HMAC. Am I right in saying that there is no such thing as an invalid key length for an HMAC, but being shorter than the hash algorithm's block length would lower the security while being longer wouldn't add any?
Thanks in advance,
Patrick
#2
If anyone is interested, the above statement is correct according to section 3.1 of http://w3.antd.nist.gov/iip_pubs/draft-ietf-ipsec-ciph-sha-256-01.txt : "A key length of 256-bits was chosen based on the recommendations in [HMAC] (i.e. key lengths less than the authenticator length decrease security strength and keys longer than the authenticator length do not significantly increase security strength)."
#3
Your cite is from SHA256. Other hashes have shorter results.
While it is weaker to throw away bits from the result of the hash, it is acceptable in some cases. It really depends upon the threat model that you are protecting against. If you need the strength of SHA256, it's pretty silly to throw away half of its output, just use SHA1.
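Added example, not part of the original thread: a key-approval check built on how the HMAC specification (RFC 2104) treats key length, where keys longer than the hash block size are hashed first and shorter keys are zero-padded. The function names and the "weak"/"ok"/"hashed" labels are hypothetical; the minimum of one digest length follows the recommendation quoted in post #2.

```python
import hashlib
import hmac


def normalize_key(key: bytes, hash_name: str = "sha256") -> bytes:
    """Return the block-sized key that HMAC actually uses internally."""
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        # Keys longer than one block are replaced by their hash.
        key = hashlib.new(hash_name, key).digest()
    # Keys shorter than one block are right-padded with zero bytes.
    return key.ljust(block_size, b"\x00")


def assess_key(key: bytes, hash_name: str = "sha256") -> str:
    """Classify a candidate key by length (hypothetical approval policy)."""
    h = hashlib.new(hash_name)
    if len(key) < h.digest_size:
        return "weak"    # shorter than the authenticator length
    if len(key) > h.block_size:
        return "hashed"  # accepted, but reduced to digest_size bytes first
    return "ok"


def tag(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """Compute the HMAC tag; every key length, even empty, is accepted."""
    return hmac.new(key, msg, hash_name).digest()


if __name__ == "__main__":
    msg = b"constructed sample message"
    long_key = bytes(range(100))  # constructed 100-byte key, not a real secret

    # A long key and its SHA-256 digest produce the same tag.
    print(tag(long_key, msg) == tag(hashlib.sha256(long_key).digest(), msg))

    # Zero padding means trailing NUL bytes do not distinguish short keys.
    print(tag(b"abc", msg) == tag(b"abc\x00", msg))

    for size in (0, 16, 20, 32, 64, 100):
        key = bytes(size)
        print(size, assess_key(key, "sha1"), assess_key(key, "sha256"))
```

When comparing a received tag against a computed one, use `hmac.compare_digest` rather than `==`, which is used here only to compare two locally computed values.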