"Jim Schaad" <jimsch(_at_)nwlink(_dot_)com> writes:
Can you give a few places where this is the convention? It seems counter to
what would be intuitive looking at the Microsoft APIs. This does not mean
that you are not correct, I was just wondering.
Well, there are three major protocols which use HMAC, namely IPsec, SSL/TLS,
and SSHv2 (aka "SSL done with SSH packet formats"). If macSize is the size of
the generated MAC (128 bits for HMAC-MD5, 160 bits for HMAC-SHA) then SSL uses
a key of size macSize, SSHv2 uses a key of size macSize, and I dunno about
IPsec (the RFCs are silent on this, and I've never implemented it so I don't
know what people use).
Peter.