Collaborate Disseminate
i am trying to implement google Authenticator mechanism in c++.
i always get different OTP than that of google authenticator.
i wonder why ?
1 – i searched and found that google uses HMAC-SHA1 algorithm. but i am suspecious because :
almo… Continue reading problem in implementing google authenticator app in c++ [migrated]
I was thinking of implementing the following scheme for encryption of many independent files:
From the password, which is given by the user, generate a master key using for example HMAC-SHA.
From this master key, a subkey is derived for e… Continue reading Does using subkeys provide better protection in this instance?
Due to several customer reasons our product needs to support Basic Auth as primary authentication mechanism with client’s service account.
We are using Bcrypt to store customer’s password in our DB, however Bcrypt (combined with Basic Auth… Continue reading Best secure approach with Basic Auth
I have came across a REST API for some commercial software, that checks authentication by requiring HMAC on concatenation of
http_method (GET, PUT, etc)
timestamp
payload (body of a POST / PUT request if any)
path (everything between http… Continue reading REST API is protected by HMAC based authentication. What does including URL path in the message protect from?
How hmac-secret extension defined in the CTAP2 Specification is used to help implement offline authentication with an authenticator. Is there any other specification that says how to do this?
From the exploration around, it looks like Micr… Continue reading How to uses FIDO2 hmac-secret extension for offline authentication?
Consider the following scenario. A company has several computers for each users on the same domain. They purchase an RSA certificate from a recognized authority which will be deployed with private / public key on all workstations. So all t… Continue reading Use the public key of a certificate as the key for HMAC SHA
I’m trying to implement the putty file format in one of my dart packages. Implementing the actual key loading was ok, but I’m struggeling with the mac validation. I’m not shure what I’m doing wrong here
The putty code is quite clear about … Continue reading Need a test vector for the putty ssh-2 file mac validation
Libsodium supports Blake2 for key derivation. It seems like you shouldn’t truncate the output to get two keys (eg one encryption/one mac) as the recommended way is to use a counter as the salt for different keys.
Would it be ok to use the … Continue reading Using encryption key as input keying material
I need to generate a MAC signature for data on a website, but it’s in a HTML templating system where there’s only a few functions available. The only hashing function available is md5. Ideally, I’d use a real hmac function, but since that’… Continue reading Is md5(data + key) secure if a proper hmac function isn’t available?
We have open endpoints because there is a flow where access token is still not presented. Because of that, I’ve implemented HMAC + DPAPI (using Azure Blob Storage) to store the keys, without involving config files/database. DPAPI is shared… Continue reading HMAC with random application Id and secret with DPAPI