Improving OpenIDs use of cryptography 1 - using a MAC

Paul Crowley paul at
Thu Jun 2 01:19:45 PDT 2005

Brad Fitzpatrick wrote:
> Ignoring snooping (which we've already agreed is unlikely), how do you get
> the shared secret from identity server to consumer?  Obviously not through
> an HTTP redirect, because then the user and WiFi is involved. It can't be
> a publicly accessible URL on the ID server that the consmer can GET,
> otherwise anybody could get it.

Ah, but it can!  Sorry I haven't made this clear already.  It's very 
simple: the server generates a new secret every time it's asked for one.

The exchange is like:

Consumer -> Server: give me an HMAC-SHA1 secret for OpenID
Server -> Consumer: OK, your secret 2005-06-02/1827263 is 
7750a34fa7ab26b5e... which expires 2005-06-03T04:53:14

The server will never reveal that secret again.  If the consumer forgets 
it, they'll just get a new secret and use that.

Then when the consumer wants someone identified, it'll specify
openid.auth_with=2005-06-02/1827263 which identifies the MAC secret to use.

The clever bit is that the server doesn't have to store lots of secrets. 
  It stores a secret per day.  When it wants to find out MAC secret 
2005-06-02/1827263, it looks up secret 2005-06-02, and hashes it 
together with 1827263 to generate 7750a34fa7ab26b5e... the expiry time 
is the expiry time of secret 2005-06-02.  In practice different 
lifetimes might be appropriate, but we can tweak that later.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list