[Openid-specs-ab] Issue #1005: Clarify "left truncated SHA-2 hash" in section on symmetric encryption (openid/connect)

Hans Zandbelt issues-reply at bitbucket.org
Tue Sep 20 17:00:01 UTC 2016

New issue 1005: Clarify "left truncated SHA-2 hash" in section on symmetric encryption

Hans Zandbelt:

Perhaps this is something that bothers non-native speakers only (which still makes it relevant I guess) but it seems that the native speakers I have consulted are not 100% sure either about the following:

I am not sure how to interpret the wording around how to derive the symmetric key from a client_secret in the Symmetric Encryption section of: http://openid.net/specs/openid-connect-core-1_0.html#Encryption

The encryption section talks about using a "left truncated SHA-2 hash" but to me it is not clear if that means taking the left-most bits or the right-most bits as I don't know if "left" refers to the truncation itself (truncation happens on the *left side* of the part that remains) or the partial hash that remains (keep the *left part* after truncating on the right side).

This is especially confusing for developers that have also implemented other parts like "at_hash" (or "c_hash") validation as a similar procedure is described there as "take the left-most bits" which is unambiguous to me. "left-most bits" is used in various places where at_hash and c_hash are described e.g. http://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken

I would like:
a) the same language to be used across the Core spec to avoid confusion or interpretation differences.
b) opt for "left-most bits" as the unambiguous language.
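To make the two readings of "left truncated" concrete, here is an added example (not code from the thread or from the OpenID Foundation) that applies the "left-most bits" reading both to the client_secret key derivation and to at_hash, and shows that the "right-most bits" reading yields a different value. The client_secret and access_token values are constructed samples, and the SHA-2 variant used for key derivation is passed in as a parameter rather than assumed.

```python
import base64
import hashlib

# Constructed sample inputs; not real credentials.
CLIENT_SECRET = "example-client-secret-do-not-use"
ACCESS_TOKEN = "jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y"


def left_most_bits(digest: bytes, n_bits: int) -> bytes:
    """Keep the left-most n_bits of digest: truncate on the right, keep the left
    part. This is the reading the issue asks the spec to state unambiguously."""
    if n_bits % 8 != 0 or n_bits > len(digest) * 8:
        raise ValueError("n_bits must be a multiple of 8 and fit in the digest")
    return digest[: n_bits // 8]


def right_most_bits(digest: bytes, n_bits: int) -> bytes:
    """The competing reading (truncate on the left, keep the right part), shown
    only so the two interpretations can be compared."""
    if n_bits % 8 != 0 or n_bits > len(digest) * 8:
        raise ValueError("n_bits must be a multiple of 8 and fit in the digest")
    return digest[-(n_bits // 8):]


def derive_symmetric_key(client_secret: str, hash_name: str, key_bits: int) -> bytes:
    """Symmetric key from client_secret as in the Symmetric Encryption section:
    SHA-2 over the UTF-8 octets of client_secret, then the left-most key_bits.
    hash_name (e.g. "sha256") is supplied by the caller; the thread does not
    fix which SHA-2 variant pairs with which key size."""
    digest = hashlib.new(hash_name, client_secret.encode("utf-8")).digest()
    return left_most_bits(digest, key_bits)


def at_hash(access_token: str, hash_name: str = "sha256") -> str:
    """at_hash: hash the ASCII octets of the access_token with the hash of the
    ID Token's alg (SHA-256 for RS256), keep the left-most half of the digest,
    base64url-encode without padding."""
    digest = hashlib.new(hash_name, access_token.encode("ascii")).digest()
    half = left_most_bits(digest, len(digest) * 4)
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def readings_differ(client_secret: str, hash_name: str, key_bits: int) -> bool:
    """True when 'left-most' and 'right-most' give different keys, i.e. when the
    wording actually matters for interoperability."""
    digest = hashlib.new(hash_name, client_secret.encode("utf-8")).digest()
    return left_most_bits(digest, key_bits) != right_most_bits(digest, key_bits)
```

Only when key_bits equals the full digest length do the two readings coincide; for a 128-bit key from SHA-256 they produce different keys, which is exactly the interoperability risk the issue describes.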
