[Openid-specs-ab] Issue #1008: Core 8.1: Revise example pairwise algorithms (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Tue Jan 24 15:11:58 UTC 2017


New issue 1008: Core 8.1: Revise example pairwise algorithms
https://bitbucket.org/openid/connect/issues/1008/core-81-revise-example-pairwise-algorithms

Vladimir Dzhuvinov:

I recently saw people try to implement pairwise IDs by following the provided crypto examples 1:1. I think we can provide better guidance on that. I discussed that with Tim McLean, who you probably remember from his security review on JWT libs two years back.

On example 1:
```
Calculate sub = SHA-256 ( sector_identifier || local_account_id || salt )
```
Instead of suggesting that people build their own PRF, we could point them to standard HMAC.

On example 2:

```
Calculate sub = AES-128 ( sector_identifier || local_account_id || salt )
```

Similarly, here we could point developers to the existing standard on AES encryption in SIV mode (RFC 5297), which offers deterministic authenticated encryption:

https://tools.ietf.org/html/rfc5297#section-4
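
A sketch of the HMAC suggestion for example 1, added here as an illustration; it is not code from the original post or from the OpenID Connect specification. The function names, the 4-byte length framing, the base64url output and the sample key are assumptions of this example. It also shows why the literal concatenation in example 1 is fragile: two different (sector_identifier, local_account_id) pairs can produce the same input bytes.

```python
import base64
import hashlib
import hmac

# Constructed sample key for the demo only; a real deployment would load a
# random secret of at least 32 bytes from its key store.
SAMPLE_KEY = bytes(range(32))


def naive_sub(sector_identifier: str, local_account_id: str, salt: bytes) -> str:
    """Example 1 followed literally: SHA-256 over the plain concatenation."""
    data = sector_identifier.encode() + local_account_id.encode() + salt
    return hashlib.sha256(data).hexdigest()


def _frame(field: bytes) -> bytes:
    # Assumption: a 4-byte big-endian length prefix marks each field boundary.
    return len(field).to_bytes(4, "big") + field


def pairwise_sub(key: bytes, sector_identifier: str, local_account_id: str) -> str:
    """HMAC-SHA256 keyed by a server secret, over length-framed fields."""
    if len(key) < 32:
        raise ValueError("HMAC key must be at least 32 bytes")
    msg = _frame(sector_identifier.encode("utf-8")) + _frame(local_account_id.encode("utf-8"))
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    # base64url without padding gives a 43-character, URL-safe sub value.
    return base64.urlsafe_b64encode(tag).rstrip(b"=").decode("ascii")


def demo() -> dict:
    # Constructed inputs whose plain concatenation is byte-for-byte identical.
    a = ("rp.example.co", "m42")
    b = ("rp.example.com", "42")
    salt = b"constructed-salt"
    return {
        "naive_collides": naive_sub(*a, salt) == naive_sub(*b, salt),
        "hmac_collides": pairwise_sub(SAMPLE_KEY, *a) == pairwise_sub(SAMPLE_KEY, *b),
        "stable": pairwise_sub(SAMPLE_KEY, *a) == pairwise_sub(SAMPLE_KEY, *a),
    }


if __name__ == "__main__":
    print(demo())
```
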
