After reading a bunch of past stack exchange posts like this one and RFCs 5869, 2104, and 4868 I felt comfortable that a 32-byte key was sufficient for HMAC-SHA256. However, I am implementing my code in C# and someone pointed out to me that the Microsoft HMAC-SHA256 documentation recommends a 64-byte key:
The key can be any length. However, the recommended size is 64 bytes.
Is there any good reason to use a 64-byte key instead of a 32-byte key?
