Wandering Thoughts archives


A suggestion for HMAC signature construction

Here is a useful safety tip if you are constructing HMAC signatures for structured messages, things that you want to parse later: put a format version number into either the key or the message.

If you want messages in the old format to fail signature checks so that the rest of your code doesn't have to deal with them, put the version number into the key. Put it into the message if you want your code to gracefully deal with several generations of message formats; each will still verify, but the messages label what format they're in.

You need to do this because otherwise your old messages, in the old message formats, still have valid signatures; after all, you signed them yourself earlier. (This is obvious once you think about it, but not necessarily before you do; I got lucky in some recent code I wrote, because when I changed the message format I also changed the key a bit.)

(This applies to any hashed signature approach in general, but why bother to reinvent the cryptographic wheel? If you need hashed signatures, just use HMAC unless you have a really good reason otherwise.)
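Both placements side by side, as an added example that is not code from the original post. The secret, the `format-version:` label, the one-line version header and the sample message body are all constructed for illustration, and deriving the per-format key with HMAC is one assumed way of putting the version "into the key".

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # constructed sample key, not from the post

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def sign_unversioned(body: bytes) -> bytes:
    # The risky baseline: nothing ties the tag to a message format.
    return _mac(SECRET, body)

def format_key(version: int) -> bytes:
    # Option 1: fold the format version into the key (a derived per-format key).
    return _mac(SECRET, b"format-version:%d" % version)

def sign_key_versioned(version: int, body: bytes) -> bytes:
    return _mac(format_key(version), body)

def verify_key_versioned(current: int, body: bytes, tag: bytes) -> bool:
    # Only messages signed for the current format verify at all.
    return hmac.compare_digest(sign_key_versioned(current, body), tag)

def sign_msg_versioned(version: int, body: bytes) -> tuple[bytes, bytes]:
    # Option 2: the version is part of the signed message itself.
    msg = b"%d\n" % version + body
    return msg, _mac(SECRET, msg)

def verify_msg_versioned(msg: bytes, tag: bytes, supported=(1, 2)):
    # Check the tag first, then trust the version label to pick a parser.
    if not hmac.compare_digest(_mac(SECRET, msg), tag):
        return None
    label, sep, body = msg.partition(b"\n")
    if not sep or not label.isdigit() or int(label) not in supported:
        return None
    return int(label), body

if __name__ == "__main__":
    old_body = b"alice|1700000000"    # constructed v1 layout: user|expiry
    old_tag = sign_unversioned(old_body)
    print("unversioned old tag still valid:",
          hmac.compare_digest(sign_unversioned(old_body), old_tag))
    v1_tag = sign_key_versioned(1, old_body)
    print("v1 tag accepted by v2 verifier:",
          verify_key_versioned(2, old_body, v1_tag))
    msg, tag = sign_msg_versioned(1, old_body)
    print("labelled message:", verify_msg_versioned(msg, tag))
```

Because the version label is covered by the tag, rewriting it on a captured message invalidates the signature rather than steering the message to a different parser.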

programming/HMACVersioning written at 21:45:13
