Collaborate Disseminate
I am planning to create an API key using the user’s password as message and a random number assigned to that user in my database as key (or vice-versa). I will then store the hash of that API key in my database.
This will make it possible … Continue reading Is it safe to use HMAC to create an API key?
I am working on an application where the general approach is signing most response payloads with HMAC, but there are a couple of endpoints that return text/event-stream in the response. What is the common approach in such cases?
I need to save user email on a public database but I don’t want to do it in plaintext, so I need to hash it. If somebody wants to verify if some email exists in the public database, he or she can calculate hash and check if the hash is the… Continue reading Is HMAC-SHA256 more secure to hide information than SHA256?
Can original text be extracted from data that has gone through HMACSHA512, if both salt and hash is available?
To prevent personal data leaks, is it a good idea to store the hashed form of all user identity-related data (eg. email, phone,… Continue reading Can original text be extracted from data that has gone through HMACSHA512, if both salt and hash is available?
I want to authenticate a user using a username and password in a web app running javascript interfacing to a non node js or php server. In a normal desktop app I could use bcrypt or an hmac or ??. When I search the internet I come up with… Continue reading How authenticate a login with javascript
FPGAs are awesome — they can be essentially configured into becoming any computing device you want. Simply load your selected bitstream into the device on boot, and it behaves like a different piece of hardware. With great power comes great responsibility.
You might try to hack a given FPGA system …read more
Continue reading Researchers Break FPGA Encryption Using FPGA Encryption
I think I quite well understand the theoretical benefit of adding the HMAC (authenticity/integrity on top of confidentiality), but I am looking at this from a key management point-of-view.
Premise: Since anyone could in theory encrypt pla… Continue reading Is HMAC really a benefit for AES-CBC?
Algolia allows you to generate virtual/secured API keys from another parent API key but without a call to their servers.
A virtual key thus generated on the server side with a defined “scope” (like a pre-defined user filter), can be expo… Continue reading How does Algolia’s virtual API keys work?
This question is specific to the Apple/Google Contact Tracing framework. See https://www.blog.google/documents/56/Contact_Tracing_-_Cryptography_Specification.pdf for the cryptography spec.
In this spec, note the Rolling Proximity Identif… Continue reading What advantage does HMAC provide in generating short hashes comparing to regular hash function?
I just got my Yubikey 5 NFC, and would like to use it for
Linux desktop login
Linux KeePassXC (which only supports hmac-sha1 challenge-response)
online accounts
When reading about U2F it seams to be the preferred protocol, but TOPT is … Continue reading How to use Yubikey 5 NFC for online accounts, Linux login, and KeePassXC?