Improving OpenIDs use of cryptography 1 - using a MAC

Paul Crowley paul at
Thu Jun 2 01:46:53 PDT 2005

Paul Crowley wrote:
> Ah, but it can!  Sorry I haven't made this clear already.  It's very 
> simple: the server generates a new secret every time it's asked for one.

I want to anticipate the objection that this is more complex than DSA. 
If you do DSA securely, it's not.

First, you will still need to add key lifetimes, and thus multiple keys 
per server and the openid.auth_with field, to the protocol.  There's 
most of your complexity right there.

Secondly, the optimization about not actually storing all the keys but 
generating them on the fly as needed isn't actually a necessary part of 
the protocol.  You could genuinely generate a new random secret and 
store it in a database every time you were asked for one, and give each 
one a lifetime of, say, one day from generation time.  They'd take up 
less disk space than the server log entries recording the GET request, 
and such requests would generally be rare. It's only if you're worried 
about requiring even that much disk space that you need to worry about 
implementing my more sophisticated suggestion.

Done right, this is in practice rather simpler than DSA.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list