24806 2014-02-25 17:49:28 +0000 Should the spec mandate a minimum key length for HMAC? 2014-09-23 16:47:20 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified PC Linux RESOLVED WORKSFORME P2 normal --- 1 ericroman sleevi watsonm oldest_to_newest 101347 0 ericroman 2014-02-25 17:49:28 +0000 Currently the supported key lengths for HMAC is left up to implementations. Keys shorter than the blocksize are zero padded by HMAC, and keys longer than the blocksize are hashed. So in theory any key length can be supported by the algorithm. I bring this to your attention because Chromium's implementation currently has an asymmetry in that zero length keys are supported by importKey() but they are not supported by generateKey() (NSS is choking on zero length keys given to "PK11_GenerateKeyPairWithOpFlags"). I can resolve this and consistently support zero-length keys in both functions, or in neither for our implementation. My question is whether this is something that we would want to mention in the spec so that implementations can better inter-operate. 101576 1 watsonm 2014-02-28 00:49:36 +0000 It seems odd to me to require that people do implementation work for a case that likely has no utility (zero length key) and so I'd suggest that we disallow zero-length keys. 111940 2 watsonm 2014-09-22 17:37:36 +0000 In the absence of additional comments, shall we go with my suggestion above to consistently disallow zero-length HMAC keys ? 112029 3 watsonm 2014-09-23 16:47:20 +0000 The specification already returns DataError if the length field if zero on generateKey() or if the length field or actual data is zero length on importKey().