hmac – Page 9 – WindowsTechs.com

concatenation vs multiple rounds of HMAC

Posted on December 18, 2019 by Marcelo MD

I was studying the AWS request signature process and found that they derive the signing key from multiple sources (one and two related questions).

Specifically this:

kSecret = Your AWS Secret Access Key
kDate = HMAC(“AWS4… Continue reading concatenation vs multiple rounds of HMAC→

API protection – JWT vs HMAC signing vs OAuth

Posted on November 16, 2019 by Mister_L

Lets say you are designing a new API. The consumer of your API is a mobile app that periodically sends requests in the background, but you expect other consumers as well, such as web apps or servers.

Now lets consider two sc… Continue reading API protection – JWT vs HMAC signing vs OAuth→

HMAC and integrity

Posted on November 5, 2019 by theantomc

I’m studying network security and I found this question in my slide, but don’t have an answer.

Discuss the use of keyed HMACs for guaranteeing the integrity of a
file being transmitted over the network (no other guarant… Continue reading HMAC and integrity→

JWT: Choosing between HMAC and RSA

Posted on October 25, 2019 by 4Matt

It is my understanding that HMAC is a symmetric signing algorithm (single secret key) whereas RSA is an asymmetric signing algorithm (private/public key pair). I am trying to choose between these 2 methods for signing JSON Web Tokens.

… Continue reading JWT: Choosing between HMAC and RSA→

Can the username be used in HMAC during client-side hashing?

Posted on October 4, 2019 by 101arrowz

I am very new to authentication and cybersecurity in general, so I apologize if I have anything completely wrong.

My goal is to have the client side hash passwords before sending them to server side in order to protect users… Continue reading Can the username be used in HMAC during client-side hashing?→

Can HMAC-SHA256 be used with username as a secret key?

Posted on October 4, 2019 by 101arrowz

I am very new to authentication and cybersecurity in general, so I apologize if I have anything completely wrong.

My goal is to have the client side hash passwords before sending them to server side in order to protect users… Continue reading Can HMAC-SHA256 be used with username as a secret key?→

Detect duplicates without exposing underlying data

Posted on September 20, 2019 by Peter Watts

We have a scenario where we need to prevent two users from using the same identifier. The identifier is sensitive (e.g. a social security number), so we do not want to store it in our DB. We just want to store some sort of ha… Continue reading Detect duplicates without exposing underlying data→

Swift HMAC doesn’t match NodeJS HMAC, but only sometimes!

Posted on September 18, 2019 by user109321948492842303

I have discovered a HUGE issue in my code, and I have literally no idea what is causing this.

SO, when I send requests to my server I hash a string thats in the request. This is sometimes user input.

My app is multi langua… Continue reading Swift HMAC doesn’t match NodeJS HMAC, but only sometimes!→

Is it safe to share an Azure SAS token with an untrusted client?

Posted on September 17, 2019 by willem

We need to host files in Azure Blob Store, and allow access to end users to their generated “statements”(pdf) for a short period of time.

We’re considering achieving this by generating a short-lived SAS token and sending tha… Continue reading Is it safe to share an Azure SAS token with an untrusted client?→

Is HMAC preferable to Digital signature

Posted on September 5, 2019 by Noe

I’m new to infosec.
I’m studying about various encryption algorithms.
Based on what I’ve found so far, I think HMAC and Digital signature are almost the same except whether the key is symmetric or asymmetric.
For me, it seems… Continue reading Is HMAC preferable to Digital signature→