9 Dec
2024
9 Dec
'24
10:55 p.m.
On Mon, 9 Dec 2024, 11:54 pm Peter Dimov via Boost,
Amusingly enough, I'm _right now_ looking at an API documentation which requires HMAC-SHA1. :-)
Amusingly enough there isn't a problem with using HMAC-SHA1 if the key is being used as a secret, is predictable etc. This should make its use in message authentication perfectly ok if the conditions for effective authentication through use of HMAC are actually met in the system in question.