A suggestion for HMAC signature construction

July 8, 2007

Here is a useful safety tip if you are constructing HMAC signatures for structured messages, things that you want to parse later: put a format version number into either the key or the message.

If you want messages in the old format to fail signature checks so that the rest of your code doesn't have to deal with them, put the version number into the key. Put it into the message if you want your code to gracefully deal with several generations of message formats; each will still verify, but the messages label what format they're in.

You need to do this because otherwise your old messages, in the old message formats, still have valid signatures; after all, you signed them yourself earlier. (This is obvious once you think about it, but not necessarily before you do; I got lucky in some recent code I wrote, because when I changed the message format I also changed the key a bit.)

(This applies to any hashed signature approach in general, but why bother to reinvent the cryptographic wheel? If you need hashed signatures, just use HMAC unless you have a really good reason otherwise.)
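Both placements of the version number, as an added sketch that is not code from the original entry. The key, the key-derivation label, the one-byte version prefix and the two message formats (`user:expiry` and `user:role:expiry`) are constructed for illustration.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"  # constructed sample secret, not a real key
TAG_LEN = hashlib.sha256().digest_size


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


# Option 1: version in the key. Only the current format ever verifies.
def key_for_version(base_key: bytes, version: int) -> bytes:
    return _mac(base_key, b"msg-format-v%d" % version)


def sign_keyed(base_key: bytes, version: int, payload: bytes) -> bytes:
    return payload + _mac(key_for_version(base_key, version), payload)


def verify_keyed(base_key: bytes, version: int, blob: bytes):
    """Return the payload if it was signed for this format version, else None."""
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = _mac(key_for_version(base_key, version), payload)
    return payload if hmac.compare_digest(expected, tag) else None


# Option 2: version in the message. Every generation verifies and is labelled.
def sign_labelled(key: bytes, version: int, payload: bytes) -> bytes:
    body = bytes([version]) + payload  # one-byte version, covered by the MAC
    return body + _mac(key, body)


def verify_labelled(key: bytes, blob: bytes):
    """Return (version, payload) for an authentic message, else None."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not body or not hmac.compare_digest(_mac(key, body), tag):
        return None
    return body[0], body[1:]


def parse(version: int, payload: bytes) -> dict:
    """Constructed formats: v1 is user:expiry, v2 is user:role:expiry."""
    fields = payload.decode().split(":")
    names = {1: ("user", "expiry"), 2: ("user", "role", "expiry")}[version]
    if len(fields) != len(names):
        raise ValueError("field count does not match format v%d" % version)
    return dict(zip(names, fields))
```

A real system would pick one of the two options for a given key rather than use both with the same secret.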
