Potential IDPrism problem

Paul Crowley paul at ciphergoth.org
Thu Jun 30 15:05:51 PDT 2005

meepbear * wrote:
> Sorry about that. It was my understanding that both mac_key and 
> enc_mac_key had to be 20 bytes long so I put in a debug assertion to 
> make sure it fails if it's not while I'm still testing it.

Your assumption is correct where DH-SHA1 is used to encrypt the MAC key 
in transit.  If it were shorter, you'd have to pad it before XORing it 
with the hashed DH shared secret, and then you'd have to transmit its 
length separately so the the recepient could remove the padding, which 
all seems unnecessary.
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the yadis mailing list