[OpenID] My 2 Cents to the OpenID foundation

Martin Atkins mart at degeneration.co.uk
Thu Apr 2 19:08:56 UTC 2009

santrajan wrote:
> myspace signatures are SHA512 not in Openid specs. The dont support SHA1 and
> SHA256.

Ahh. This explains the interop problems with various sites I tried.

I guess they're getting this support from DotNetOpenId, which supports 
additional signature schemes HMAC-SHA384, HMAC-SHA512, DH-SHA384 and 

It'd be good if MySpace could at least also enable SHA256 for interop 
with compliant OpenID 2.0 implementations. (Though I'm aware of at least 
a few implementations that currently only support SHA-1, but that's 
certainly a problem since SHA-1 has been broken.)

More information about the general mailing list