Collaborate Disseminate
It seems that the default password based key derivation function that is used by PKCS12 to generate a MAC is this one. It is unique to the standard and probably not used anywhere else. Is it possible to use PBKDF2 instead to generate a MAC… Continue reading Can I use PBKDF2 derivation function to generate a MAC in PKCS12 file?
I’m curious if there is anyone out there who knows what happens at each step?
I am creating an online store system for game servers owners (Minecraft, Rust …).
I am asking the community’s opinion regarding the security level of my API.
Summary
The server owner creates an online store through my website
(donate… Continue reading Is my security schema sufficient or should it be simplified? [closed]
I’m a computer engineering student and I want to implement a cryptographic function for a college project. I want to realize my personal implementation of a WPA2 hash producer in C (and upload it to my FPGA). The main goal would be to use … Continue reading SHA1 standard steps [migrated]
My understanding is that in TOTPs are like HMAC where code is derived from time.
However, I am struggling to understand the concept of Backup Codes in Google Authenticator, and how are they calculated as they are not time sensitive and c… Continue reading How do backup codes work in TOTP, like Google Authenticator?
I i were to provide a person with the single letter ”A” and a HMAC-SHA256 hash of this message (my secret key). Would the person be able to derive any information about my key or be able to forge the hash for the letter ”B”?
Continue reading Are very short messages ok with HMAC-SHA256?
I am working on a Django project and trying to create a REST API to verify email without using any database. My present server connection is HTTP and not HTTPS.
So someone using the API end point POST his email:
REQUEST:
curl –location… Continue reading Is it secure to use HMAC to pass a string to be verified?
In order to allow clients to verify responses originating from our server, we are generating an HMAC signature of the body and a timestamp, and attaching it as a header. The timestamp is also attached as a header. Clients will concatenate … Continue reading Does transmitting short, predictable plaintext along with the HMAC signature of that text present a security risk
To allow api users to verify the authenticity of outgoing webhooks, I am using a similar model to slack:
Concatenate timestamp and body, HMAC with pre-shared key, add timestamp and HMAC digest to headers.
Recipient does the same, and com… Continue reading I am signing (HMAC) outgoing webhooks to allow users to verify their source, should I also sign outgoing responses?
I am creating a secure network data transfer system, and would like to know if there are any obvious flaws in this scheme.
Secrets
The secret is a password that is known to both clients. This password is never transferred p… Continue reading Is this symmetric key system secure?