hmac – Page 3 – WindowsTechs.com

Why we need complicate truncation for the OTP?

Posted on March 15, 2022 by Curious_man

If we assume that Time based OTP generates the OTP using the hash function like SHA-3. Then, the generated OTP would Hash(Secret, Shared time).
We want a shortened string rather than a full hash string, so truncation is needed.
But that ha… Continue reading Why we need complicate truncation for the OTP?→

HMAC SHA256 by using a static key + text as a key

Posted on March 13, 2022 by Marc Alves

Maybe it’s not a good idea, but I would like to check it with you.
When using HMAC SHA to hash a clear text value (string max 30 char) I need to use a key (256) but in my scenario this key is static and always the same each time I need to … Continue reading HMAC SHA256 by using a static key + text as a key→

Digital signature for API authentication feasible?

Posted on March 11, 2022 by jhurtas

Could it be practical to authenticate API request through digital signature (based on headers and message body)? This would be asymmetric instead of something like HMAC which is not a signature. Are there performance or other constraint… Continue reading Digital signature for API authentication feasible?→

Am I authenticating devices securely?

Posted on March 9, 2022 by Riki

I’m building a IOT platform for my home as a hobby. Currently, I’m trying to implement device authentication. A device in my case could be a Raspberry Pi, Arduino, Jetson Nano. To authenticate devices I want to use HMAC.
A device is assign… Continue reading Am I authenticating devices securely?→

Usage of HMACs to verify the licensing during production

Posted on January 19, 2022 by Archeg

We have a production that uses our software (put on a chip) and a requirement that we need to limit the amount of chips produced for each customer (so they need to buy a license) – so they can’t produce more than allowed. The production is… Continue reading Usage of HMACs to verify the licensing during production→

DIY: password key derivation tool using PBKDF2 / HMAC [migrated]

Posted on January 18, 2022 by swannty

First of all, I don’t want to reinvent the wheel, just want to build my own car. Non-product environment; only for fun and entertainment.
The goal is to use a single private (and never published) master password to create unique passwords … Continue reading DIY: password key derivation tool using PBKDF2 / HMAC [migrated]→

How does TLS use hashing from the negotiated cipher suite

Posted on January 15, 2022 by A.Ho

I am trying to understand why TLS only uses hashing algorithm like SHA-384 instead of using an HMAC instance like HMAC-SHA-384.
If I understand correctly, this cipher suite (ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) means:

It uses Elliptic Cur… Continue reading How does TLS use hashing from the negotiated cipher suite→

Benefits of HMAC-based server authentication

Posted on December 31, 2021 by automatictester

Context and assumptions:

TLS 1.2 or 1.3, server authentication only
Client uses HMAC to authenticate itself to the server, using a PSK key
Client is a library, not a web browser, which doesn’t allow to "click-through" certificat… Continue reading Benefits of HMAC-based server authentication→

Benefits of HMAC-based server authentication

Posted on December 31, 2021 by automatictester

Context and assumptions:

Zero-knowledge proof of HMAC function [migrated]

Posted on December 10, 2021 by TaihouKai

I’m reading the wikipedia for HMAC, and I feel a little bit lost.
I’m wondering if there exists…
digest = HMAC(msg, key)

Is it possible to prove that digest is computed from msg, without knowing the key?

Continue reading Zero-knowledge proof of HMAC function [migrated]→