friend icon indicating copy to clipboard operation
friend copied to clipboard
verified publisher icon cemerick

Add HMAC support

Open cemerick opened this issue 11 years ago • 2 comments

Friend should support HMAC in conjunction with any other credential function; obviously starting with the bcrypt that is currently shipped.

Appeals to authority include @abedra's friendly evisceration of typical Clojure webapp security practices ;-) and Mozilla's password storage guidelines.

Related work may include a "crypto-hmac" library as suggested by @weavejester here, though it looks like that was speculative?

cemerick avatar May 26 '14 11:05 cemerick

@cemerick it doesn't look like a crypto-hmac library was ever written. what do you think of using pandect?

zonotope avatar Mar 12 '15 20:03 zonotope

That actually seems reasonable. It wraps bouncy castle underneath, which is a respectable choice. I didn't look closely at the implementation yet, but the idea seems sound.

abedra avatar Mar 12 '15 20:03 abedra