If you need a KDF, I recommend RFC 5869. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 1424 Pro Shop Court, Davenport, FL 33896 USA [email protected]
On Mon, Dec 24, 2018 at 5:09 PM Toke Høiland-Jørgensen <[email protected]> wrote: > Juliusz Chroboczek <[email protected]> writes: > > >>> I think that the HMAC key should be generated automatically. I'd hope > >>> that any actual production deployment of HMAC would generate HMAC keys > >>> either randomly or by using a suitable KDF (or whatever the right > acronym > >>> is) and distribute it automatically. > > > >> Should we pick a KDF? Not necessarily for the RFC, but at least try to > >> get compatibility between bird and babeld, so users can just input a > >> password and expect things to work? > > > > I think we might need more deployment experience before we can answer > that. > > > > At this early stage, however, I wouldn't expect the master key to be > > distributed -- the KDF would be applied to the master key on a central > > node, and the derived secret is what gets distributed to the babeld and > > BIRD instances. So having a common syntax for the HMAC secret should be > > good enough. > > Fair enough :) > > -Toke > > _______________________________________________ > Babel-users mailing list > [email protected] > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
_______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
