What to use (best/good practice) for the secret ke

2019-07-17 09:04发布

I am implementing a HMAC-like solution based upon specifications provided to me by another company. The hashing parameters and use of the secret key is not an issue, and neither is the distribution of the key itself, since we are in close contact and close geographical location.

However - what is best practice for the actual secret key value?

Since both companies are working together, it would seem that
c9ac56dd392a3206fc80145406517d02
generated with a Rijndael algorithm and
Daisy Daisy give me your answer do
are both pretty much equally secure (in this context) as a secret key used to add to the hash?

标签: hash hmac
1条回答
成全新的幸福
2楼-- · 2019-07-17 09:50

Citing Wikipedia page on HMAC:

The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.

This means that completely random key, where every bit is randomly generated, is far better than set of characters.

The optimum size of the key is equal to block size. If the key is too short then it is padded usually with zeroes (which are not random). If the key is too long then its hash function is used. The length of hash output is anyway block size.

Use of visible characters as a key makes the key easier to guess as there are far less combinations of visible characters than if we allow for every possible combination of bits. For example:

There are 95 visible characters in ASCII (out of 256 combinations). If the block size is 16 bytes (HMAC_MD5) then there are 95^16 ~= 4.4*10^31 combinations. But for 16 bytes there are 3.4*10^38 possibilities. Attacker knowing that the key consists only of visible ASCII characters knows that he requires around 10 000 000 times less time than if he had to consider every possible combination of bits.

Summarizing I recommend use of cryptographic pseudo-random number generator to generate secret keys instead of coming up with your own keys.


Edit:

As martinstoeckli suggested if you have to you can use key-derivation-function to generate byte key of specified length from text password. This is much safer than converting plain text to bytes and using these bytes as a key directly. Nevertheless, there is nothing more secure than key consisting of random bytes.

查看更多
登录 后发表回答