Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HMAC SHA256 support? #31

Open
bitemyapp opened this issue Jan 22, 2015 · 1 comment
Open

HMAC SHA256 support? #31

bitemyapp opened this issue Jan 22, 2015 · 1 comment

Comments

@bitemyapp
Copy link

I need a Haskell and Clojure application to be able to encrypt & decrypt each others' sessions.

Haskell uses Skein, but there isn't a well established or verified implementation of Skein for Java.

HMAC SHA256 is well established for both though.

I'm currently looking at having to reimplement the entire session encryption/decryption suite as well as Yesod integration thereof because I can't swap out the auth for clientsession. Is making the auth algo pluggable something you'd be open to?

@meteficha
Copy link
Member

Skein was chosen for its speed since clientsession is on a critical path, but the benchmark was done a long time ago. Maybe something changed.

I'd be against making it pluggable. The reason is that security-related code should have as few knobs as possible, it's too easy to shoot oneself in the foot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants