IMPLEMENTOR WARNING: Non-compliant HMAC implementations
Martin Atkins
mart at degeneration.co.uk
Wed Jul 6 14:02:29 PDT 2005
Brad Fitzpatrick wrote:
>
> So is Net::OpenID::Consumer wrong or not? I just used the code from
> Digest::HMAC::SHA1 (on CPAN)... I didn't write it.
>
Well, even if no-one is technically wrong the OpenID spec should be
spelling out exactly what format the hash should be in. Otherwise
everyone using different libraries in different languages will be making
incompatible digests, as we've already seen.
More information about the yadis
mailing list