IMPLEMENTOR WARNING: Non-compliant HMAC implementations

Brad Fitzpatrick brad at danga.com
Wed Jul 6 13:22:41 PDT 2005


On Wed, 6 Jul 2005, Taral wrote:

> On 7/6/05, Taral <taralx at gmail.com> wrote:
> > Someone recently pointed out that my library doesn't appear to work
> > with the OpenID demo. I traced this down to a failure of
> > Net::OpenID::Consumer to pad HMAC keys out to 64 bytes as specified
> > with RFC 2104.
>
> Okay, someone pointed out that I misread the operation of the ^.
> Regardless, people should carefully check their HMAC for padding
> errors. :)

So is Net::OpenID::Consumer wrong or not?  I just used the code from
Digest::HMAC::SHA1 (on CPAN)... I didn't write it.

- Brad
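
Added example, not part of the original message and not code from Net::OpenID::Consumer or Digest::HMAC: one way to check an HMAC-SHA1 routine for the key-padding error discussed above, by comparing it against Python's standard `hmac` module and two RFC 2202 test vectors. The names `hmac_sha1`, `unpadded`, `failing_key_lengths` and `passes_rfc2202` are hypothetical, and the sample message and keys are constructed.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 input block size in bytes (the 64 bytes of RFC 2104)

def hmac_sha1(key, msg, pad_key=True):
    """RFC 2104 HMAC-SHA1; pad_key=False reproduces the padding error."""
    if len(key) > BLOCK:
        key = hashlib.sha1(key).digest()   # keys longer than a block are hashed first
    if pad_key:
        # Explicit here; Perl's string ^ operator zero-extends the shorter
        # operand implicitly.
        key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)    # only len(key) bytes if unpadded
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + msg).digest()
    return hashlib.sha1(opad + inner).digest()

def unpadded(key, msg):
    """The non-compliant variant: pads are never extended to 64 bytes."""
    return hmac_sha1(key, msg, pad_key=False)

# RFC 2202 HMAC-SHA1 test cases 1 and 2: (key, data, expected hex digest)
RFC2202 = [
    (b"\x0b" * 20, b"Hi There",
     "b617318655057264e28bc0b6fb378c8ef146be00"),
    (b"Jefe", b"what do ya want for nothing?",
     "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"),
]

def passes_rfc2202(impl):
    return all(impl(k, d).hex() == want for k, d, want in RFC2202)

def failing_key_lengths(impl):
    """Key lengths at which impl disagrees with the stdlib reference."""
    msg = b"constructed sample message"
    bad = []
    # Below, at and above the block size, so both padding and hashing are hit.
    for n in (1, 20, 63, 64, 65, 100):
        key = bytes(range(n))              # constructed key material
        if impl(key, msg) != hmac.new(key, msg, hashlib.sha1).digest():
            bad.append(n)
    return bad

if __name__ == "__main__":
    print("padded:  ", passes_rfc2202(hmac_sha1), failing_key_lengths(hmac_sha1))
    print("unpadded:", passes_rfc2202(unpadded), failing_key_lengths(unpadded))
```

A 64-byte key is the one length at which the unpadded variant still agrees with the reference, so a check that only uses block-sized keys will miss the error.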

