HMAC + SHA256 jwt secret length

Question

HMAC + SHA256 jwt secret length

I will sign the token with SHA256, and I wonder about the duration of the mystery that I have to put. Does a secret key length of more than 256 bits have any advantages if I use sha256. So if my key lasts 300 bits, is it more secure?

+4

cryptography hash jwt

user2924127 May 29 '15 at 2:36

source share

1 answer

Loocid · Accepted Answer · 2015-05-29T02:46:57+0000

The key length must be <= 512 bits, because this is the size of the gaskets. If someone tries to force redirect your key, a 512-bit key will be the most secure.

So, to answer your question. Yes, a key length of 300 bits is more secure than one with a length of 256 bits.

HMAC + SHA256 jwt secret length

More articles: