On 27/05/25 05:14, Niels Möller wrote:
Simon Josefsson writes:

I've seen applications pass in human password strings into HMAC, which
are sometimes longer than the block size resulting in the extra hash
step. This is usually bad practice (use scrypt or argon2 instead) but
exists.

I'm leaning towards deleting this support (leaving extra hashing to
applications that need it) for Nettle-4.0, to keep things simple. It can
be added back later if there are compelling use cases.

Perhaps a separate helper function that takes arbitrary string and
converts to correct input for the new HMAC. That would be good to cover
the edge cases and retain spec compliance.

void sha256_sum (uint8_t *digest, size_t length, const uint8_t *data);
to hash a contiguous string without having to bother with
init/update/digest? Implementation would typically need to allocate a
context struct on the stack.

Yes! I find such APIs really useful. Many applications create a
similar one internally.

Filed https://git.lysator.liu.se/nettle/nettle/-/issues/12. Is '_sum' a
good name? Some alternatives, '_hash', '_hash_string', '_message' (for
consistency with aead functions), any other suggestions?

IMO, '_hash' seems right.
HTH
Amos
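
The key preparation discussed in this thread, as an added example (not Nettle code and not part of the original message). It is written in Python so it can be checked against the standard library's HMAC; `hmac_sha256_strict` is a hypothetical model of an HMAC that rejects keys longer than the block size, and `normalize_hmac_key` and `hmac_sha256_compat` are hypothetical names for the helper idea.

```python
import hashlib
import hmac

BLOCK_SIZE = hashlib.sha256().block_size  # 64 bytes for SHA-256


def normalize_hmac_key(key: bytes) -> bytes:
    """RFC 2104 key preparation: a key longer than the hash block size
    is replaced by its digest; shorter keys pass through unchanged."""
    if len(key) > BLOCK_SIZE:
        return hashlib.sha256(key).digest()
    return key


def hmac_sha256_strict(key: bytes, msg: bytes) -> bytes:
    """Hypothetical model of an HMAC that refuses over-long keys."""
    if len(key) > BLOCK_SIZE:
        raise ValueError("key longer than hash block size")
    padded = key.ljust(BLOCK_SIZE, b"\x00")  # zero-pad to one block
    ipad = bytes(b ^ 0x36 for b in padded)
    opad = bytes(b ^ 0x5C for b in padded)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def hmac_sha256_compat(key: bytes, msg: bytes) -> bytes:
    """Strict HMAC plus the helper: accepts any key length, same output
    as a full RFC 2104 implementation."""
    return hmac_sha256_strict(normalize_hmac_key(key), msg)


if __name__ == "__main__":
    # Constructed sample: an 80-byte passphrase used directly as a key.
    passphrase = b"correct horse battery staple " * 3
    passphrase = passphrase[:80]
    msg = b"constructed sample message"
    tag = hmac_sha256_compat(passphrase, msg)
    # Matches the standard library, which hashes long keys internally.
    print(tag == hmac.new(passphrase, msg, hashlib.sha256).digest())
    # Edge case: the digest of a long key is an equivalent key.
    print(tag == hmac_sha256_strict(hashlib.sha256(passphrase).digest(), msg))
```

Both lines print `True`: the helper restores spec-compliant output for long keys, and a long key is interchangeable with its own SHA-256 digest.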