hmac – Tarik Billa

Using HMAC SHA256 in Ruby

January 1, 2024 by Tarik

According to the documentation OpenSSL::HMAC.digest Returns the authentication code an instance represents as a binary string. If you have a problem using that maybe you need a hex encoded form provided by OpenSSL::HMAC.hexdigest Example key = ‘key’ data=”The quick brown fox jumps over the lazy dog” digest = OpenSSL::Digest.new(‘sha256’) OpenSSL::HMAC.digest(digest, key, data) #=> “\xF7\xBC\x83\xF40S\x84$\xB12\x98\xE6\xAAo\xB1C\xEFMY\xA1IF\x17Y\x97G\x9D\xBC-\x1A<\xD8” OpenSSL::HMAC.hexdigest(digest, … Read more

How to use SHA256-HMAC in python code?

December 30, 2023 by Tarik

You are not making use of hmac at all in your code. Typical way to use hmac, construct an HMAC object from your key, message and identify the hashing algorithm by passing in its constructor: h = hmac.new( key, my, hashlib.sha256 ) print( h.hexdigest() ) That should output adcb671e8e24572464c31e8f9ffc5f638ab302a0b673f72554d3cff96a692740 for your example data.

Using HMAC-SHA1 for API authentication – how to store the client password securely?

December 4, 2023 by Tarik

This is the downside of symmetric-key challenge-response style authentication – you don’t put the secret on the wire, but you have to store the secret at both ends. (HMACs are symmetric key systems). Note though that it’s not a password – it’s a shared secret. There’s a fundamental difference here – a password is generally … Read more

Python encoded message with HMAC-SHA256

September 6, 2023 by Tarik

If you want to execute in python3 you should do the following: #python 3 import hmac import hashlib nonce = 1 customer_id = 123456 API_SECRET = ‘thekey’ api_key = ‘thapikey’ message=”{} {} {}”.format(nonce, customer_id, api_key) signature = hmac.new( bytes(API_SECRET, ‘latin-1’), msg=bytes(message, ‘latin-1’), digestmod=hashlib.sha256 ).hexdigest().upper() print(signature)

C# equivalent to hash_hmac in PHP

August 30, 2023 by Tarik

The problem must be the actual representation of the key/message data. See the following tests: PHP #!/usr/bin/php <?php print strtoupper(hash_hmac(“sha256”, “message”, “key”)); ?> Output (live via http://writecodeonline.com/php/): 6E9EF29B75FFFC5B7ABAE527D58FDADB2FE42E7219011976917343065F58ED4A C# using System; using System.Text; using System.Security.Cryptography; public class Program { private const string key = “key”; private const string message = “message”; private static readonly Encoding … Read more

How Do Hardware Token Devices work? [closed]

August 16, 2023 by Tarik

This has very little to do with hash functions. A cryptographic hash function may be part of the implementation, but it’s not required. Actually, it generates the digits on a time-based interval, if I press the button for it to generate the digits, it generates the digits and after about 25 seconds, and I press … Read more

Compute HMAC-SHA512 with secret key in java

August 14, 2023 by Tarik

The simplest way can be – private static final String HMAC_SHA512 = “HmacSHA512”; private static String toHexString(byte[] bytes) { Formatter formatter = new Formatter(); for (byte b : bytes) { formatter.format(“%02x”, b); } return formatter.toString(); } public static String calculateHMAC(String data, String key) throws SignatureException, NoSuchAlgorithmException, InvalidKeyException { SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(), HMAC_SHA512); Mac … Read more

Crypto algorithm list

June 6, 2023 by Tarik

The learning here is that ciphers and hashes are different and use different algorithms. With node’s crypto use .getCiphers() and .getHashes() methods to return an array with the names of the supported ciphers and hashes respectively. var crypto = require(‘crypto’) console.log(crypto.getCiphers()) console.log(crypto.getHashes()) Which logs the following ciphers: [ ‘CAST-cbc’, ‘aes-128-cbc’, ‘aes-128-cbc-hmac-sha1’, ‘aes-128-cfb’, ‘aes-128-cfb1’, ‘aes-128-cfb8’, ‘aes-128-ctr’, … Read more

HMAC vs simple MD5 Hash

May 17, 2023 by Tarik

HMAC is not susceptible to length extension attacks. md5(T + K) should be fine for most uses unless your adversary is motivated to tamper with your message and has very good computing power. As long as you control T, birthday attacks are not applicable and you only have brute-force attacks. But it is good to … Read more

java equivalent to php’s hmac-SHA1

May 3, 2023 by Tarik

In fact they do agree. As Hans Doggen already noted PHP outputs the message digest using hexadecimal notation unless you set the raw output parameter to true. If you want to use the same notation in Java you can use something like for (byte b : digest) { System.out.format(“%02x”, b); } System.out.println(); to format the … Read more