IMPLEMENTOR WARNING: Non-compliant HMAC implementations

Brad Fitzpatrick brad at
Wed Jul 6 13:22:41 PDT 2005

On Wed, 6 Jul 2005, Taral wrote:

> On 7/6/05, Taral <taralx at> wrote:
> > Someone recently pointed out that my library doesn't appear to work
> > with the OpenID demo. I traced this down to a failure of
> > Net::OpenID::Consumer to pad HMAC keys out to 64 bytes as specified
> > with RFC 2104.
> Okay, someone pointed out that I misread the operation of the ^.
> Regardless, people should carefully check their HMAC for padding
> errors. :)

So is Net::OpenID::Consumer wrong or not?  I just used the code from
Digest::HMAC::SHA1 (on CPAN)... I didn't write it.

- Brad

More information about the yadis mailing list