Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[crypto] Enforce minimum key size for HMAC. #19321

Closed
jadephilipoom opened this issue Jul 28, 2023 · 1 comment
Closed

[crypto] Enforce minimum key size for HMAC. #19321

jadephilipoom opened this issue Jul 28, 2023 · 1 comment
Assignees
@jadephilipoom
Labels
Priority:P2 Priority: medium SW:cryptolib Crypto library
Milestone
cryptolib

Comments

@jadephilipoom
Copy link
Contributor

Description

The HMAC specification doesn't provide a minimum size for HMAC keys, but short keys (specifically, keys shorter than the hash function output size) degrade security. We should set a minimum size (probably the hash function output size) and return an error if the caller-provided key is too short.

CC @moidx @y-srini
@jadephilipoom jadephilipoom added Priority:P2 Priority: medium SW:cryptolib Crypto library labels Jul 28, 2023
@jadephilipoom jadephilipoom added this to the cryptolib milestone Jul 28, 2023
@jadephilipoom jadephilipoom self-assigned this Jul 28, 2023
@jadephilipoom jadephilipoom mentioned this issue Sep 27, 2023
Merged
@jadephilipoom
Copy link
Contributor Author

Resolved by #19745

@andreaskurth andreaskurth mentioned this issue Mar 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jadephilipoom jadephilipoom

Labels
Priority:P2 Priority: medium SW:cryptolib Crypto library
Projects
None yet
Milestone
cryptolib
Development

No branches or pull requests
1 participant
@jadephilipoom