Hacker News new | past | comments | ask | show | jobs | submit login

The security of hmac is not based strictly on the collision resistance of the hashing function.

Oh, and if your HMAC seals over an origin timestamp which your API respects, you've gone and made things even harder.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: