Collaborate Disseminate
According to the HMAC specification in RFC2104, an HMAC is computed in the following way:
HMAC(K, text) = H(K XOR opad, H(K XOR ipad, text))
where H is the underlying hash function, , is concatenation and K has the length of one block.
No… Continue reading Why does HMAC use the hash twice?
I am trying to understand why the following birthday attack is invalid for this MAC construction.
Let Mac : {0, 1}^128 × {0, 1}^256 → {0, 1}^128 be a MAC. Consider the following
adversary A, that is meant to work with Expt Mac(A):
1
Advers… Continue reading Why is birthday attack invalid on this MAC [migrated]
I’m designing a web service meant for storing data for users, but these users don’t have proper server-side accounts, just a random master key the user generated and stores on their device (a bip39 mnemonic) so they can derive some public-… Continue reading HTTP authentication with client-side private key
For simple authentication with backend services, without more sophisticated needs (e.g. roles and scopes), is there any security benefit in using JWTs instead of sending HMAC hashes to verify a payload?
HMAC:
Client generates a timestamp … Continue reading HMAC hashing vs JWTs for stateless authentication
I need info for these following concepts of HMAC. if someone can write it in text paragraphs and answer each requirement that would be perfect i need it for my coursework.
1: Justify properties of HMAC Algorithm based on the original requi… Continue reading I need some information related to HMAC. Read description
I need to verify a MAC for something signed with HMAC-SHA512/256, however, the language I’m using (Salesforce’s Apex language) doesn’t have support for that algorithm. It does have HMAC-SHA512 and HMAC-SHA256 though – is there a way to tra… Continue reading Is it feasible to calculate an HMAC-SHA512/256 MAC from an environment that only supports HMAC-SHA512?
I have numeric IDs that I would like to use in filenames. So for example with IDs 1, 2, 3 we would have 1.jpg, 2.jpg, and 3.jpg
Now the problem is that clearly a user could just guess 4.jpg and view something they shouldn’t be able to find… Continue reading Keyed Hash Function (HMAC) For Unguessable URLs?
There are clients (mobile application), they can share links to their profile info, which should be confidential. The link expires in 5 minutes (configured). They set Auth-Code so that the one who gets the link can access the client’s data… Continue reading Combining confidentiality, authenticity and data integrity to form secure URL
I make session cookies of form session_id+’|’+hmac_sha256(session_id, static_secret) where session_id = random_string(16 bytes) made with a PRNG (not a CSPRNG!) seeded on the server’s timestamp at start-up.
The cookies have the Secure flag… Continue reading Is a simple random+hmac session cookie breakable?
i am trying to implement google Authenticator mechanism in c++.
i always get different OTP than that of google authenticator.
i wonder why ?
1 – i searched and found that google uses HMAC-SHA1 algorithm. but i am suspecious because :
almo… Continue reading problem in implementing google authenticator app in c++ [migrated]