|
|
|
|
|
|
by KirinDave
3836 days ago
|
|
|
If your shared secret is vulnerable to brute forcing, it's vulnerable to brute forcing. An easy fix for this: generate your shared secret by hashing or salthashing a low-entropy password. As a general rule though, HMAC is used with randomly generated secrets. I don't know why GitHub doesn't just tell you the secret. Amazon's implementation is much more correct. |
|
|