Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: use secure key length for HMAC generateKey #48052

Merged

Conversation

tniessen
Copy link
Member

The examples for generateKey() and generateKeySync() generate 64-bit HMAC keys. That is inadequate for virtually any HMAC instance. As per common NIST recommendations, the minimum should be roughly 112 bits, or more commonly 128 bits.

Due to the design of HMAC itself, it is not unreasonable to choose the underlying hash function's block size as the key length. For many popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens to be 64 bytes (bytes, not bits!). This is consistent with the HMAC implementation in .NET, for example, even though it provides virtually no benefit over a 256-bit key.

The examples for generateKey() and generateKeySync() generate 64-bit
HMAC keys. That is inadequate for virtually any HMAC instance. As per
common NIST recommendations, the minimum should be roughly 112 bits, or
more commonly 128 bits.

Due to the design of HMAC itself, it is not unreasonable to choose the
underlying hash function's block size as the key length. For many
popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens
to be 64 bytes (bytes, not bits!). This is consistent with the HMAC
implementation in .NET, for example, even though it provides virtually
no benefit over a 256-bit key.
@tniessen tniessen added crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations. security Issues and PRs related to security. labels May 17, 2023
@tniessen tniessen requested a review from jasnell May 18, 2023 00:29
@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 18, 2023
@tniessen tniessen added the commit-queue Add this label to land a pull request using GitHub Actions. label May 18, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label May 19, 2023
@nodejs-github-bot nodejs-github-bot merged commit 85ac915 into nodejs:main May 19, 2023
@nodejs-github-bot
Copy link
Collaborator

Landed in 85ac915

fasenderos pushed a commit to fasenderos/node that referenced this pull request May 22, 2023
The examples for generateKey() and generateKeySync() generate 64-bit
HMAC keys. That is inadequate for virtually any HMAC instance. As per
common NIST recommendations, the minimum should be roughly 112 bits, or
more commonly 128 bits.

Due to the design of HMAC itself, it is not unreasonable to choose the
underlying hash function's block size as the key length. For many
popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens
to be 64 bytes (bytes, not bits!). This is consistent with the HMAC
implementation in .NET, for example, even though it provides virtually
no benefit over a 256-bit key.

PR-URL: nodejs#48052
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
tniessen added a commit to tniessen/node that referenced this pull request May 22, 2023
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
nodejs-github-bot pushed a commit that referenced this pull request May 24, 2023
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: #48052
Refs: #37248
PR-URL: #48121
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
targos pushed a commit that referenced this pull request May 30, 2023
The examples for generateKey() and generateKeySync() generate 64-bit
HMAC keys. That is inadequate for virtually any HMAC instance. As per
common NIST recommendations, the minimum should be roughly 112 bits, or
more commonly 128 bits.

Due to the design of HMAC itself, it is not unreasonable to choose the
underlying hash function's block size as the key length. For many
popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens
to be 64 bytes (bytes, not bits!). This is consistent with the HMAC
implementation in .NET, for example, even though it provides virtually
no benefit over a 256-bit key.

PR-URL: #48052
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
targos pushed a commit that referenced this pull request May 30, 2023
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: #48052
Refs: #37248
PR-URL: #48121
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
@targos targos mentioned this pull request Jun 4, 2023
danielleadams pushed a commit that referenced this pull request Jul 6, 2023
The examples for generateKey() and generateKeySync() generate 64-bit
HMAC keys. That is inadequate for virtually any HMAC instance. As per
common NIST recommendations, the minimum should be roughly 112 bits, or
more commonly 128 bits.

Due to the design of HMAC itself, it is not unreasonable to choose the
underlying hash function's block size as the key length. For many
popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens
to be 64 bytes (bytes, not bits!). This is consistent with the HMAC
implementation in .NET, for example, even though it provides virtually
no benefit over a 256-bit key.

PR-URL: #48052
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
danielleadams pushed a commit that referenced this pull request Jul 6, 2023
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: #48052
Refs: #37248
PR-URL: #48121
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
MoLow pushed a commit to MoLow/node that referenced this pull request Jul 6, 2023
The examples for generateKey() and generateKeySync() generate 64-bit
HMAC keys. That is inadequate for virtually any HMAC instance. As per
common NIST recommendations, the minimum should be roughly 112 bits, or
more commonly 128 bits.

Due to the design of HMAC itself, it is not unreasonable to choose the
underlying hash function's block size as the key length. For many
popular hash functions (SHA-256, SHA-224, SHA-1, MD5, ...) this happens
to be 64 bytes (bytes, not bits!). This is consistent with the HMAC
implementation in .NET, for example, even though it provides virtually
no benefit over a 256-bit key.

PR-URL: nodejs#48052
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
MoLow pushed a commit to MoLow/node that referenced this pull request Jul 6, 2023
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
PR-URL: nodejs#48121
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
PR-URL: nodejs#48121
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
PR-URL: nodejs#48121
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: Filip Skokan <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations. security Issues and PRs related to security.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants