IMPLEMENTOR WARNING: Non-compliant HMAC implementations
Brad Fitzpatrick
brad at danga.com
Wed Jul 6 14:01:52 PDT 2005
On Wed, 6 Jul 2005, Martin Atkins wrote:
> Brad Fitzpatrick wrote:
> >
> > So is Net::OpenID::Consumer wrong or not? I just used the code from
> > Digest::HMAC::SHA1 (on CPAN)... I didn't write it.
> >
>
> Well, even if no-one is technically wrong the OpenID spec should be
> spelling out exactly what format the hash should be in. Otherwise
> everyone using different libraries in different languages will be making
> incompatible digests, as we've already seen.

There's only one HMAC-SHA1. I'm not going to recopy the RFC into the
OpenID specs page. I'll go link it, though.
- Brad
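
The following conformance check is an added example, not part of the original messages and not code from Net::OpenID::Consumer or Digest::HMAC. It computes HMAC-SHA1 from the RFC 2104 definition, checks it against RFC 2202 test vectors, and verifies a received MAC on its raw 20 bytes regardless of text encoding. The function names are hypothetical, and hex and base64 as the two wire encodings are assumptions; the thread does not say which formats clashed.

```python
import base64
import hashlib
import hmac

BLOCK = 64  # SHA-1 block size in bytes (B in RFC 2104)

def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 written out from the RFC 2104 definition: 20 raw bytes."""
    if len(key) > BLOCK:             # keys longer than a block are hashed first
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK, b"\x00")  # then zero-padded to exactly one block
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha1(bytes(b ^ 0x5C for b in key) + inner).digest()

def decode_mac(text: str) -> bytes:
    """Recover the 20 raw bytes from a MAC sent as hex or base64 text."""
    # Dispatch on length: a 40-char hex string is also valid base64.
    if len(text) == 40:
        raw = bytes.fromhex(text)
    elif len(text) == 28:
        raw = base64.b64decode(text, validate=True)
    else:
        raise ValueError("unexpected MAC length")
    if len(raw) != 20:
        raise ValueError("not a 20-byte HMAC-SHA1 value")
    return raw

def verify(key: bytes, msg: bytes, received: str) -> bool:
    """Compare on raw bytes, in constant time, whatever the wire encoding."""
    try:
        got = decode_mac(received)
    except ValueError:               # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(hmac_sha1(key, msg), got)

# HMAC-SHA1 test cases 1, 2 and 6 from RFC 2202 (key, data, hex digest).
RFC2202 = [
    (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00"),
    (b"Jefe", b"what do ya want for nothing?",
     "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"),
    (b"\xaa" * 80, b"Test Using Larger Than Block-Size Key - Hash Key First",
     "aa4ae5e15272d00e95705637ce8a3b55ed402112"),
]

def conforms() -> bool:
    """True if this code and the standard library both match every vector."""
    return all(hmac_sha1(k, m).hex() == want
               and hmac.new(k, m, hashlib.sha1).hexdigest() == want
               for k, m, want in RFC2202)
```

Comparing the hex or base64 strings directly would reject a correct MAC that merely arrived in the other encoding; decoding to raw bytes first avoids that.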