Message159759
> You should explain what you already said: it is not a risk because the
> length of a HMAC is fixed.

Well, that's not entirely accurate. Exposing the length of the HMAC can expose what underlying hash is being used (e.g. HMAC-SHA1 has a different length than HMAC-MD5). It's generally not considered a risk since exposing the algorithm being used shouldn't impact your security (unless you're doing it very wrong).

Date | User | Action | Args
2012-05-01 15:40:56 | Jon.Oberheide | set | recipients: + Jon.Oberheide, pitrou, vstinner, r.david.murray, neologix, sbt
2012-05-01 15:40:56 | Jon.Oberheide | set | messageid: <1335886856.1.0.808474976986.issue14532@psf.upfronthosting.co.za>
2012-05-01 15:40:55 | Jon.Oberheide | link | issue14532 messages
2012-05-01 15:40:55 | Jon.Oberheide | create |