[Babel-users] [babel] BASE64 and hex encoding HMAC keys for user presentation
Donald Eastlake
d3e3e3 at gmail.com
Wed Dec 26 01:04:18 GMT 2018
If you need a KDF, I recommend RFC 5869.
Thanks,
Donald
===============================
Donald E. Eastlake 3rd +1-508-333-2270 (cell)
1424 Pro Shop Court, Davenport, FL 33896 USA
d3e3e3 at gmail.com
On Mon, Dec 24, 2018 at 5:09 PM Toke Høiland-Jørgensen <toke at toke.dk> wrote:
> Juliusz Chroboczek <jch at irif.fr> writes:
>
> >>> I think that the HMAC key should be generated automatically. I'd hope
> >>> that any actual production deployment of HMAC would generate HMAC keys
> >>> either randomly or by using a suitable KDF (or whatever the right
> acronym
> >>> is) and distribute it automatically.
> >
> >> Should we pick a KDF? Not necessarily for the RFC, but at least try to
> >> get compatibility between bird and babeld, so users can just input a
> >> password and expect things to work?
> >
> > I think we might need more deployment experience before we can answer
> that.
> >
> > At this early stage, however, I wouldn't expect the master key to be
> > distributed -- the KDF would be applied to the master key on a central
> > node, and the derived secret is what gets distributed to the babeld and
> > BIRD instances. So having a common syntax for the HMAC secret should be
> > good enough.
>
> Fair enough :)
>
> -Toke
>
> _______________________________________________
> Babel-users mailing list
> Babel-users at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/babel-users/attachments/20181225/a697d88c/attachment.html>
More information about the Babel-users
mailing list