Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
doc: use secure key length for HMAC generateKey
The examples for generateKey() and generateKeySync() generate 64-bit HMAC keys. That is inadequate for virtually any HMAC instance. As per common NIST recommendations, the minimum should be roughly 112 bits, or more commonly 128 bits. Due to the design of HMAC itself, it is not unreasonable to choose the underlying hash function's block size as the key length. For many popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens to be 64 bytes (bytes, not bits!). This is consistent with the HMAC implementation in .NET, for example, even though it provides virtually no benefit over a 256-bit key. PR-URL: #48052 Reviewed-By: Filip Skokan <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
- Loading branch information