Why double hash

Single hash vulnerable to length-extension attacks (SHA-2 based). Double hash + key masking eliminate.

Advertisement

Constant-time comparison

Verify HMAC via constant-time comparison. Timing attacks on == leak byte-by-byte match.

Advertisement

HMAC-SHA256

Most common instantiation. Used in JWT (HS256), API signatures (AWS SigV4), OAuth.