[Openid-specs-ab] Issue #1008: Core 8.1: Revise example pairwise algorithms (openid/connect)
issues-reply at bitbucket.org
Tue Jan 24 15:11:58 UTC 2017
New issue 1008: Core 8.1: Revise example pairwise algorithms
I recently saw people try to implement pairwise IDs by following the provided crypto examples 1:1. I think we can provide better guidance on that. I discussed that with Tim McLean, who you probably remember from his security review on JWT libs two years back.
On example 1:
Calculate sub = SHA-256 ( sector_identifier || local_account_id || salt )
Instead of suggesting that people build their own PRF, we could point them to standard HMAC.
On example 2:
Calculate sub = AES-128 ( sector_identifier || local_account_id || salt )
Similarly, here we could point developers to the existing standard on AES encryption in SIV mode (RFC 5297), which offers deterministic authenticated encryption:
More information about the Openid-specs-ab