Jun 15, 2016

KMAC is a proposed new MAC standard based on the SHAKE function used in SHA-3.

It explicitly is defined for all key sizes:

"K is the key, a byte string of any length. An empty string is a legal input."

It has some guidance about choosing a secure key size, but ultimately libraries are likely to handle this the exact same way as with HMAC and allow users to shoot themselves in the foot.

You can call it a "fault of the construction" if you'd like, but ultimately this is a secure construction that happens to allow insecure key sizes. You'll need to use it with a secure key size, or even better, use a library where someone has chosen the key size for you. It is not something you should need to think about as an end user, but it matters.
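An added example, not part of the original comment: a permissive MAC call that accepts any key length, next to a wrapper that fixes the key size for the caller. It uses HMAC-SHA256 from the Python standard library as the stand-in, since the comment says KMAC libraries will likely behave the same way; `KEY_BYTES`, `raw_tag` and `FixedKeyMac` are hypothetical names.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 32  # assumption: the wrapper author picks 256-bit keys, not the caller


def raw_tag(key: bytes, msg: bytes) -> bytes:
    """Permissive behaviour: any key length is accepted, including empty."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class FixedKeyMac:
    """MAC wrapper where the key size is decided once, by the library."""

    def __init__(self, key: bytes):
        if len(key) != KEY_BYTES:
            raise ValueError(f"key must be exactly {KEY_BYTES} bytes, got {len(key)}")
        self._key = key

    @classmethod
    def generate(cls) -> "FixedKeyMac":
        # Key comes from the OS CSPRNG at the size chosen above.
        return cls(secrets.token_bytes(KEY_BYTES))

    def tag(self, msg: bytes) -> bytes:
        return raw_tag(self._key, msg)

    def verify(self, msg: bytes, tag: bytes) -> bool:
        # Constant-time comparison of the recomputed tag with the received one.
        return hmac.compare_digest(self.tag(msg), tag)


if __name__ == "__main__":
    msg = b"constructed sample message"
    # The construction is fine, the key is not: with an empty key there is
    # no secret, so any party can recompute this tag from the message alone.
    print("empty-key tag:", raw_tag(b"", msg).hex())

    mac = FixedKeyMac.generate()
    t = mac.tag(msg)
    print("verify ok:", mac.verify(msg, t))
    print("verify tampered:", mac.verify(msg + b"!", t))
    try:
        FixedKeyMac(b"")
    except ValueError as exc:
        print("rejected:", exc)
```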