[Openid-specs-ab] Issue #1008: Core 8.1: Revise example pairwise algorithms (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Tue Jan 24 15:11:58 UTC 2017

New issue 1008: Core 8.1: Revise example pairwise algorithms

Vladimir Dzhuvinov:

I recently saw people try to implement pairwise IDs by following the provided crypto examples 1:1. I think we can provide better guidance on that. I discussed that with Tim McLean, who you probably remember from his security review on JWT libs two years back.

On example 1:

Calculate sub = SHA-256 ( sector_identifier || local_account_id || salt )

Instead of suggesting that people build their own PRF, we could point them to standard HMAC.

On example 2:

Calculate sub = AES-128 ( sector_identifier || local_account_id || salt )

Similarly, here we could point developers to the existing standard on AES encryption in SIV mode (RFC 5297), which offers deterministic authenticated encryption:


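Added example, not part of the original message or of the OpenID Connect specification: a sketch of the HMAC suggestion for example 1, shown beside the plain SHA-256 concatenation for comparison. It assumes the salt from example 1 serves as the HMAC key and that fields are length-prefixed before hashing; the function names, key and sample identifiers are constructed for illustration.

```python
import base64
import hashlib
import hmac


def _frame(field: str) -> bytes:
    """Length-prefix a field so the boundary between fields is unambiguous."""
    raw = field.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def naive_sub(sector_identifier: str, local_account_id: str, salt: bytes) -> str:
    """Example 1 taken literally: SHA-256 over the plain concatenation."""
    data = sector_identifier.encode("utf-8") + local_account_id.encode("utf-8") + salt
    return hashlib.sha256(data).hexdigest()


def pairwise_sub(sector_identifier: str, local_account_id: str, key: bytes) -> str:
    """HMAC-SHA256 keyed with the provider secret, over framed fields."""
    if len(key) < 32:
        raise ValueError("key must be at least 32 random bytes")
    msg = _frame(sector_identifier) + _frame(local_account_id)
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    # base64url without padding keeps the identifier URL- and JSON-safe.
    return base64.urlsafe_b64encode(tag).rstrip(b"=").decode("ascii")


# Constructed sample secret; a real deployment would generate it once with
# os.urandom(32) and keep it in the provider's secret store.
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    # Two different (sector, account) pairs whose plain concatenation is identical.
    pair_a = ("example.co", "m7")
    pair_b = ("example.com", "7")
    print("naive equal:", naive_sub(*pair_a, SAMPLE_KEY) == naive_sub(*pair_b, SAMPLE_KEY))
    print("hmac  equal:", pairwise_sub(*pair_a, SAMPLE_KEY) == pairwise_sub(*pair_b, SAMPLE_KEY))
    print("sub for pair_b:", pairwise_sub(*pair_b, SAMPLE_KEY))
```

Rotating the key changes every issued `sub`, so the key has to be treated as long-lived provider state.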