hmac module and key format

Peter Pearson ppearson at nowhere.invalid
Mon Feb 21 19:55:42 CET 2011

On Mon, 21 Feb 2011 02:27:36 -0800 (PST), Stuart Longland wrote:
> Before I worried about that though, I needed to have some kind of
> understanding as to how the hmac module was used.  "Arbitrary string",
> sounds to me like I give it something akin to a passphrase, and that
> is hashed(?) to provide the symmetric key for the HMAC.  Wikipedia
> seems to suggest it depends on the length of the key given, so if I
> give it a string that's exactly 160-bits (for HMAC-SHA1) it'll use it
> unmodified.  Would that be a correct assertion?

Yes.  I predict that you will be glad you look at RFC 2104,

where you will find HMAC summarized as

    H(K XOR opad, H(K XOR ipad, text))

Here, opad is a block filled with the byte 0x5C, and ipad is
a block filled with the byte 0x36.  If the key is no longer
than one block (and a block is 64 bytes for SHA and MD5), then
K is just the key itself; otherwise, K is a hash of the key.

To email me, substitute nowhere->spamcop, invalid->net.

More information about the Python-list mailing list