
How .NET Handles Standards Compliance That Results in Breaking Changes

by Jonathan Allen on Feb 16, 2007

Two security classes in .NET, HMACSHA512 and HMACSHA384, have a bug. It isn't an earth-shattering bug, but it does produce results that are inconsistent with the standard. The .NET Security team shows how this will be handled so that current applications won't break when the code gets fixed.

The HMACSHA512 and HMACSHA384 classes produce "results which are not consistent with other implementations of HMAC-SHA-512 and HMAC-SHA-384". This will be addressed in a future service pack, at which time all the programs relying on the old behavior will break.

The first step in addressing this is to add a property called "ProduceLegacyHmacValues". This will allow new programs to explicitly use the old behavior.

To support pre-existing programs that happen to be running on the new version, a configuration value has been created. The key, legacyHMACMode, can be set in the application's configuration file or at the machine.config level.

Since not everyone is going to hear about this fix before it is too late, warning messages will be written to the event log and shown when a debugger is attached to programs that use these classes. Once the change has been handled, the warning message can be disabled using the legacyHMACWarning configuration key.
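As an added example (not from the article or from Microsoft), the Python sketch below shows why tags from the old classes fail verification in other implementations, and how to tell which variant produced a stored tag before switching modes. The article does not say what the bug is; the 64-byte legacy block size and the names `hmac_with_block_size` and `classify_tag` are assumptions of this example.

```python
import hashlib
import hmac

STANDARD_BLOCK = 128   # block size of SHA-384 and SHA-512
LEGACY_BLOCK = 64      # assumption: block size used by the buggy .NET 2.0 classes


def hmac_with_block_size(key: bytes, msg: bytes, digest: str, block_size: int) -> bytes:
    """RFC 2104 HMAC with the block size made an explicit parameter."""
    if len(key) > block_size:
        key = hashlib.new(digest, key).digest()   # over-long keys are hashed first
    key = key.ljust(block_size, b"\x00")          # then zero-padded to one block
    inner = hashlib.new(digest, bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.new(digest, bytes(b ^ 0x5C for b in key) + inner).digest()


def classify_tag(key: bytes, msg: bytes, tag: bytes, digest: str = "sha512") -> str:
    """Report which variant produced a stored tag: 'standard', 'legacy' or 'invalid'."""
    standard = hmac_with_block_size(key, msg, digest, STANDARD_BLOCK)
    legacy = hmac_with_block_size(key, msg, digest, LEGACY_BLOCK)
    # Run both constant-time comparisons before branching on either result.
    is_standard = hmac.compare_digest(tag, standard)
    is_legacy = hmac.compare_digest(tag, legacy)
    if is_standard:
        return "standard"
    return "legacy" if is_legacy else "invalid"


if __name__ == "__main__":
    key = b"constructed-sample-key"               # constructed sample values
    msg = b"constructed sample message"
    for digest in ("sha384", "sha512"):
        good = hmac_with_block_size(key, msg, digest, STANDARD_BLOCK)
        old = hmac_with_block_size(key, msg, digest, LEGACY_BLOCK)
        print(digest, "standard matches stdlib:",
              good == hmac.new(key, msg, digest).digest())
        print(digest, "old-style tag classified as:",
              classify_tag(key, msg, old, digest))
```

Running `classify_tag` over persisted MACs shows how many would stop verifying once the standard behavior is in effect, which is the population that needs legacy mode or re-issuing.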

InfoQ asks: Is Microsoft handling this the right way?

 
