> You hit the nail on the head. I should have thought to test shorter > keys. I was using a 32-byte key. Just tested with 28 bytes and the > problem does indeed go away with the shorter key.
Excellent. > > If that's the problem, I can give you a workaround for the long key. > > I would very much appreciate that! Okay, the problem was, according to the HMAC specification, if your secret is longer than the hash block length of the algorithm (which is 64 bytes for SHA1 through SHA256, and 128 bytes for SHA384 and SHA512), then the secret is supposed to be hashed, and the resulting digest is used as the secret instead. BIND had a bug in it causing this hashing of the secret to occur when the original secret was longer than the *digest* length of the algorithm--not the hash block length--and the digest length is shorter. (As previously mentioned, it's 28 bytes for SHA224.) So, any key between 29 and 64 bytes in length was being hashed to a smaller size before being used to generate a message authentication code--but shouldn't have been. Only keys that were 65 bytes or longer should've been. So, what you can do is take the key and hash it yourself, creating a pre-shortened version that will work consistently on all platforms. It will also interoperate cleanly with older versions of BIND that still have the bug and are still using the unhashed version of the key. On my Linux system, the command for that is: $ echo -n <oldsecret> | base64 -d | openssl dgst -sha224 -binary | base64 This converts a 32-byte key ("dqzfsrYoMfq+OMBl5XCKfF4KTkwV9m9k9HKlhCi6kFE=", for example) into a 28-byte key ("yfH3uKZT4eYLXAEb9KtUfnuyzoedJ2sqUe39Xw==") which, in use, will produce the exact same MAC as BIND9 would've done before the bug was fixed. On BSD, the command is: $ echo -n <oldsecret> | b64decode -r | openssl dgst -sha1 -binary | \ b64encode - | sed -n 2p As of BIND 9.7.0rc2, we'll be providing a new tool (isc-hmac-fixup) to do this for you, regardless of platform. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users