I\'m working on a web API. We are going to use Hmac256 for signature hashing. Fr
ID: 657899 • Letter: I
Question
I'm working on a web API. We are going to use Hmac256 for signature hashing. From what I can gather, the secret is a key used to initialize the hash algorithm (ie to generate a random number). The salt is appended to the content, to make it harder to decrypt.
The API will be used by a few clients and the data is not very sensitive (for now). We will be doing IP filtering on our server.
What is the best practice, using a salt, a secret, or both ? It's kind of cumbersome for the client to have both I think.
Explanation / Answer
Salts and secrets serve different purposes when you're creating a MAC. The secret (the key) is used to prevent existential forgeries, or in other words, to prevent an attacker from creating an equally valid MAC on a tampered message. Without the key, you have no integrity, and you've essentially turned the MAC into a hash. So, you need the key.
A salt, on the other hand, is only useful with a MAC if you are creating signatures for identical messages and need to prevent information leakage. If you create signatures for the same message twice, using the same key, then the MACs will by design be identical. If you don't want attacker to be able to discern whether the messages being signed are identical or not, then you need a salt. If the messages are not identical, as would be the case with encrypt-then-MAC, for instance, where you might rely on an initialization vector to make the ciphertext you're creating the MAC for unique, then you do not need a salt.