Rule to check for insufficient key size to HMAC

securesauce / precli

Precaution CLI - command line static application security testing tool

https://precli.readthedocs.io/

Other

22 stars 3 forks source link

Closed ericwb closed 7 months ago

ericwb commented 7 months ago

HMAC algorithms require a minimum key size that corresponds to their digest size. Using a size less than the digest size is considered weak.