Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: improve HMAC key recommendations #48121

Merged
merged 1 commit into from
May 24, 2023
Merged

doc: improve HMAC key recommendations #48121

merged 1 commit into from
May 24, 2023

Conversation

tniessen
Copy link
Member

Add a reference to potential problems with using strings as HMAC keys. Also advise against exceeding the underlying hash function's block size when generating HMAC keys from a cryptographically secure source of entropy.

Refs: #48052
Refs: #37248

@tniessen
doc: improve HMAC key recommendations
96feae2 
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
@tniessen tniessen added crypto Issues and PRs related to the crypto subsystem. security Issues and PRs related to security. labels May 22, 2023
@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label May 22, 2023
@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 23, 2023
@tniessen tniessen added the review wanted PRs that need reviews. label May 24, 2023
@panva panva added the commit-queue Add this label to land a pull request using GitHub Actions. label May 24, 2023
@tniessen tniessen removed the review wanted PRs that need reviews. label May 24, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label May 24, 2023
@nodejs-github-bot nodejs-github-bot merged commit a0e11d7 into nodejs:main May 24, 2023
@nodejs-github-bot
Copy link
Collaborator

Landed in a0e11d7

targos pushed a commit that referenced this pull request May 30, 2023
@tniessen @targos
doc: improve HMAC key recommendations
281dfaf 
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: #48052
Refs: #37248
PR-URL: #48121
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@targos targos mentioned this pull request Jun 4, 2023
Merged
danielleadams pushed a commit that referenced this pull request Jul 6, 2023
@tniessen @danielleadams
doc: improve HMAC key recommendations
5146a73 
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: #48052
Refs: #37248
PR-URL: #48121
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
MoLow pushed a commit to MoLow/node that referenced this pull request Jul 6, 2023
@tniessen @MoLow
doc: improve HMAC key recommendations
d14018e 
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
PR-URL: nodejs#48121
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@danielleadams danielleadams mentioned this pull request Jul 10, 2023
Merged
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
@tniessen @Ceres6
doc: improve HMAC key recommendations
d4838d7 
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
PR-URL: nodejs#48121
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Ceres6 pushed a commit to Ceres6/node that referenced this pull request Aug 14, 2023
@tniessen @Ceres6
doc: improve HMAC key recommendations
e18d0e7 
Add a reference to potential problems with using strings as HMAC keys.
Also advise against exceeding the underlying hash function's block size
when generating HMAC keys from a cryptographically secure source of
entropy.

Refs: nodejs#48052
Refs: nodejs#37248
PR-URL: nodejs#48121
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marco-ippolito marco-ippolito marco-ippolito approved these changes

@aymen94 aymen94 aymen94 approved these changes

@lpinca lpinca lpinca approved these changes

@panva panva panva approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations. security Issues and PRs related to security.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@tniessen @nodejs-github-bot @panva @lpinca @aymen94 @marco-ippolito