hmac module and key format
Peter Pearson
ppearson at nowhere.invalid
Mon Feb 21 13:55:42 EST 2011
On Mon, 21 Feb 2011 02:27:36 -0800 (PST), Stuart Longland wrote:
[snip]
> Before I worried about that though, I needed to have some kind of
> understanding as to how the hmac module was used. "Arbitrary string",
> sounds to me like I give it something akin to a passphrase, and that
> is hashed(?) to provide the symmetric key for the HMAC. Wikipedia
> seems to suggest it depends on the length of the key given, so if I
> give it a string that's exactly 160-bits (for HMAC-SHA1) it'll use it
> unmodified. Would that be a correct assertion?
Yes. I predict that you will be glad you look at RFC 2104,
http://www.ietf.org/rfc/rfc2104.txt
where you will find HMAC summarized as
H(K XOR opad, H(K XOR ipad, text))
Here, opad is a block filled with the byte 0x5C, and ipad is
a block filled with the byte 0x36. If the key is no longer
than one block (and a block is 64 bytes for SHA and MD5), then
K is just the key itself; otherwise, K is a hash of the key.
--
To email me, substitute nowhere->spamcop, invalid->net.
More information about the Python-list
mailing list