Support truncated SHA1, SHA256 and SHA512 hashes

google / keyczar

Easy-to-use crypto toolkit

Apache License 2.0

1.1k stars 141 forks source link

Support truncated SHA1, SHA256 and SHA512 hashes #124

Closed GoogleCodeExporter closed 3 years ago

GoogleCodeExporter commented 9 years ago

It would be useful to have support for signatures based on SHA1, SHA256 and 
SHA512, which are truncated to specified byte length.

Original issue reported on code.google.com by az...@google.com on 6 Feb 2013 at 3:49

GoogleCodeExporter commented 9 years ago

Agreed. That has been on my wish/to-do list for a while. The 20-byte HMAC is 
overkill. In the interest of not making it easy to implement weak security with 
Keyczar I don't think we should allow arbitrary truncation, though. I think a 
minimum HMAC length of 8 should be good.

Original comment by swillden@google.com on 6 Feb 2013 at 3:54