What is the idea of hashing a QueryString in OAuth?

In OAuth 1.0a and 2.0 using MAC Authorization, I need to generate a hash of all QueryString parameters, which requires their normalization (in alphabetical order).

I'm trying to figure out what this offers in terms of security over only generating a hash of the private key + Nonce + Timestamp.

My guess is that extra entropy makes the brute force of the secret key more difficult, but I'm not sure if that is the case.

Does anyone know what security hashing the QueryString offers over simple hashing?

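An added example, not part of the original post: it compares a MAC over only nonce + timestamp with a MAC over the normalized (sorted) query parameters, and checks which one still verifies after a parameter is changed. The base string is a simplified form of the OAuth 1.0a layout using HMAC-SHA256; the secret, URL and parameter values are constructed samples.

```python
import hashlib
import hmac
from urllib.parse import quote

def pct(value: str) -> str:
    # Percent-encode everything except RFC 3986 unreserved characters
    return quote(value, safe="-._~")

def normalize(params: dict) -> str:
    # Sort encoded name/value pairs so both sides build identical bytes
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)

def mac_nonce_only(secret: bytes, nonce: str, ts: str) -> str:
    # The scheme the question asks about: the request itself is not covered
    return hmac.new(secret, f"{nonce}&{ts}".encode(), hashlib.sha256).hexdigest()

def mac_full(secret: bytes, method: str, url: str, params: dict,
             nonce: str, ts: str) -> str:
    # Simplified base string: METHOD & encoded URL & encoded sorted parameters
    merged = {**params, "oauth_nonce": nonce, "oauth_timestamp": ts}
    base = "&".join([method.upper(), pct(url), pct(normalize(merged))])
    return hmac.new(secret, base.encode(), hashlib.sha256).hexdigest()

# Constructed sample values (assumptions for illustration only)
SECRET = b"constructed-shared-secret"
NONCE, TS = "n-7f3a", "1700000000"
URL = "https://api.example.test/transfer"
SENT = {"to": "alice", "amount": "10"}
ALTERED = {"to": "alice", "amount": "1000"}    # changed in transit
REORDERED = {"amount": "10", "to": "alice"}    # same data, different order

def demo() -> dict:
    weak_sig = mac_nonce_only(SECRET, NONCE, TS)
    full_sig = mac_full(SECRET, "GET", URL, SENT, NONCE, TS)
    # The server recomputes the MAC from what it received and compares
    return {
        "weak_accepts_altered": hmac.compare_digest(
            mac_nonce_only(SECRET, NONCE, TS), weak_sig),
        "full_accepts_altered": hmac.compare_digest(
            mac_full(SECRET, "GET", URL, ALTERED, NONCE, TS), full_sig),
        "full_accepts_reordered": hmac.compare_digest(
            mac_full(SECRET, "GET", URL, REORDERED, NONCE, TS), full_sig),
    }

if __name__ == "__main__":
    print(demo())
```

The nonce-only MAC verifies no matter which parameters arrive, so it authenticates the sender but not the request; sorting is what lets the full MAC stay stable when parameter order differs between client and server.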

Source: https://habr.com/ru/post/1532370/

