Recommended HMAC key length for ecdsa-sd-2023? #58
Comments
Agree @filip26, need to give either a recommendation or requirement here. Was just looking over my test vector code the other day and was wondering about this same issue.
Did some digging @filip26. The specification cites RFC6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF) but this is an open source implementation without advice on key lengths. FIPS PUB 198-1: The Keyed-Hash Message Authentication Code (HMAC) gives a nice description of the algorithm that can take any key size (in bytes), but doesn't give any advice. Finally there is RFC2104 HMAC: Keyed-Hashing for Message Authentication which does offer the following advice on HMAC key sizes:
We are using SHA-256 so L = 32 bytes (256 bits) and B = 64 bytes (512). Hence I would be inclined to cite RFC2104 and recommend a key size of 32 bytes.
I've been looking for this, and I agree there is not much info around. MS (.NET) recommends 64 bytes but then they say if the key length is greater than 64, hash it to get 32. There is also a post on crypto.stackexchange.com. +1 to recommend HMAC key size of 32 bytes.
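The key-size handling discussed in the comments above, as an added example that is not part of the thread or of the specification: HMAC-SHA256 written out from the RFC 2104 construction, showing that a key longer than B is replaced by its hash and a key shorter than B is zero-padded. The function names and the strict 32-byte check are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

B = 64  # SHA-256 block size in bytes
L = 32  # SHA-256 output size in bytes


def effective_key(key: bytes) -> bytes:
    """Return the B-byte block that HMAC-SHA256 derives from `key`."""
    if len(key) > B:
        key = hashlib.sha256(key).digest()  # longer than B: hashed down to L bytes
    return key.ljust(B, b"\x00")            # shorter than B: zero-padded up to B


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 written out from the RFC 2104 construction."""
    k0 = effective_key(key)
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in k0) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in k0) + inner).digest()


def new_hmac_key() -> bytes:
    """Fresh random key of L = 32 bytes from the OS CSPRNG."""
    return secrets.token_bytes(L)


def require_32_byte_key(key: bytes) -> bytes:
    """Hypothetical strict check (an assumption): accept only L-byte keys."""
    if len(key) != L:
        raise ValueError(f"HMAC key must be {L} bytes, got {len(key)}")
    return key


def key_length_effects(msg: bytes = b"constructed sample message") -> dict:
    """Compare keys of different lengths using the standard library's HMAC."""
    def std(key: bytes) -> bytes:
        return hmac.new(key, msg, hashlib.sha256).digest()

    key = new_hmac_key()
    long_key = secrets.token_bytes(100)  # constructed, longer than B
    short_key = secrets.token_bytes(16)  # constructed, shorter than L
    return {
        "manual_matches_stdlib": hmac_sha256(key, msg) == std(key),
        # A key longer than B authenticates exactly like its 32-byte hash.
        "long_key_equals_its_hash": std(long_key) == std(hashlib.sha256(long_key).digest()),
        # A key shorter than B authenticates like the same key with zero bytes appended.
        "short_key_equals_zero_extended": std(short_key) == std(short_key + b"\x00"),
    }
```

Both equivalences hold for any HMAC-SHA256 implementation: a key longer than 64 bytes carries no more than the 32 bytes of its hash, and keys that differ only in trailing zero bytes are interchangeable.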
PR #60 has been merged to address this issue; closing.
Hi,
I've not found any mention about a recommended HMAC key length. Test vector Example 49 says 32 bytes. Is it the only allowed length?