[Cryptography] Why is a short HMAC key zero-padded instead of hashed?

[Peter Gutmann]

Jerry Leichter <leichter at lrw.com> writes:

>My suggestion is that HMAC should be like AES:  Defined for a random key
>whose length equal to the input block size of the hash function on which it's
>based.

That's already how it's used in the major protocols that use HMAC, SSH, SSL,
CMS, and so on.  So what's left will presumably be oddball DIY stuff, which
probably does all sorts of other odd things in any case so the HMAC keying
will be the least of your worries.

Peter.